[FW-1] IP POOL for SecuRemote connection with client side NAT Fails
I've set up an IP NAT pool for SecuRemote connections coming into my company. This is working fine for most users, and the log viewer shows the incoming data being decrypted and NAT'ed. I've verified the NAT is taking place using a packet sniffer on my internal network.

HOWEVER, if I set this up for a remote ADSL user whose ISP is providing them with a NAT'ed IP address, it fails. In the log viewer I still see the incoming data being decrypted and then NAT'ed using my predefined IP NAT pool of addresses for incoming SecuRemote connections. BUT, if I put a packet sniffer on my internal network now, I can see that the data has the original source IP address and has not been NAT'ed by my firewall at all! IT IS LYING.

My question: why is the FW-1 NAT for SecuRemote connections only working for machines with a legal address who don't need it, and not for users sitting behind a client side NAT'ed router?

I'm running CPFW-1 4.1 sp5 on a Solaris platform and SecuRemote 4.1 sp5 build 4199. SecuRemote is configured to use IKE encryption and is forcing UDP encapsulation on both machines as per phoneboy article "http://www.phoneboy.com/docs/secureclient-nat.pdf"

Any help will be greatly appreciated,

Dean Gorton
Senior Network Analyst
* +44 20 7843 4775
* [email protected]
* Macmillan Limited, The Macmillan Building, 4 Crinan Street, London, N1 9XW