Re: [FW-1] IP POOL for SecuRemote connection with client side NAT Fails
Yes, the client side network is also used on our internal LAN. Is this the problem? I thought the IP pool for SecuRemote NAT would allow this.

-----Original Message-----
From: Cryptotech [mailto:[email protected]]
Sent: 25 February 2002 23:49
To: [email protected]
Subject: Re: [FW-1] IP POOL for SecuRemote connection with client side NAT Fails

Is the network at the client side the same as the one "inside" the firewall?

----- Original Message -----
From: "Gorton Dean" <[email protected]>
To: <[email protected]>
Sent: Monday, February 25, 2002 1:50 PM
Subject: [FW-1] IP POOL for SecuRemote connection with client side NAT Fails

> I've set up an IP NAT pool for SecuRemote connections coming into my
> company. This is working fine for most users and the log viewer shows the
> incoming data being decrypted and NAT'ed. I've verified the NAT is taking
> place using a packet sniffer on my internal network.
>
> HOWEVER, if I set this up for a remote ADSL user whose ISP is providing them
> with a NAT'ed IP address, it fails. In the log viewer I still see the
> incoming data being decrypted and then NAT'ed using my predefined IP NAT
> pool of addresses for incoming SecuRemote connections.
>
> BUT, if I put a packet sniffer on my internal network now I can see that the
> data has the original source IP address and has not been NAT'ed by my
> firewall at all! IT IS LYING.
>
> My question: why is the FW-1 NAT for SecuRemote connection only working for
> machines with a legal address who don't need it and not for users sitting
> behind a client side NAT'ed router?
>
> I'm running CPFW-1 4.1 sp5 on a Solaris platform and SecuRemote 4.1 sp5
> build 4199. SecuRemote is configured to use IKE encryption and is forcing
> UDP encapsulation on both machines as per phoneboy article
> "http://www.phoneboy.com/docs/secureclient-nat.pdf"
>
> Any help will be greatly appreciated,
>
> Dean Gorton
> Senior Network Analyst
>
> * +44 20 7843 4775
> * [email protected]
>
> * Macmillan Limited,
> The Macmillan Building
> 4 Crinan Street
> London,
> N1 9XW,
>
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================