
Re: [FW-1] General Question on SecuRemote and SecureClient



Apparently this is one of those things that may or may
not work for some unknown reason. We have been doing
this successfully with users of Linksys and Cisco
products. CheckPoint support also confirmed that this
will work. The firewall keeps track of the connection
based on the client's valid IP even though they share
the same IP Pool NAT entry (maybe this is the cause of
others' problems?)

For us the key was to be sure the home network was not
in our internal network/encryption domain and routes
to the home network directed traffic out the external
interface of the firewall.

FW-1 4.1 SP5 on Solaris 7 (and IP Pool NAT)
SecuRemote 4.1 SP5 on various platforms

--- Shawn Kearley <[email protected]> wrote:
> The problem I am considering is not an overlap between the Home Network and
> the Corporate Network. The problem I am wondering about is when two remote
> users with the same local IP address connect to the corporate network at the
> same time, i.e.:
>
> Home User 1
> 192.168.1.100 -----|
>                    |-- Corporate Firewall --- Internal Network (192.168.100.x)
> Home User 2        |
> 192.168.1.100 -----|
>
> Will there be a problem with this connection if IP Pool NAT is not used?
>
> Shawn
>
> -----Original Message-----
> From: Don [mailto:[email protected]]
> Sent: March 11, 2002 12:04 PM
> To: [email protected]
> Subject: Re: [FW-1] General Question on SecuRemote
> and SecureClient
>
>
> > Over the weekend, I picked up for myself, a Linksys DSL router for home, and
> > when I was setting it up, I realized that using the defaults, as many users
> > would, anyone using one of these devices will be getting the same network,
> > and potentially the same IP address on their home system.
> >
> > What I am wondering about, is will I have any problems if two users,
> > establish a VPN connection to us, who are using the same internal IP Address
> > on their home system.  By not using IP Pool NAT, the IP Address used within
> > the corporate network, is the same address on the home system.  Will
> > Checkpoint correctly route the traffic to the correct Remote PC, or will I
> > likely run into difficulties.
> >
> > On a similar note, if I should enable IP Pool NAT to clear up the above
> > issue, will I need to re-deploy a USERC.C file to the remote PCs or is this
> > totally internal to the Firewall box.  I am asking this because some of our
> > VPN users are remote vendors who were reluctant to use the software in the
> > first place, and I don't want to inconvenience them further unless I have
> > to.
>
> IP NAT Pool will not fix this problem. You need to use different addresses
> on your internal network or the home networks.
>
> -don
>
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================
>


=================================================
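
A way to audit the two conditions discussed in this thread, as an added example that is not from the posters or from Check Point: it flags home LANs that overlap the encryption domain, and shows which remote clients become indistinguishable when sessions are tracked on the home IP alone versus on the client's valid (public) IP as well. The session-table model, the client list and the public addresses are constructed assumptions, not FW-1 internals.

```python
import ipaddress
from collections import defaultdict, namedtuple

Client = namedtuple("Client", "user valid_ip home_lan home_ip")

# Constructed sample data. Home and internal ranges follow the thread's
# diagram; the valid (public) IPs are documentation addresses.
ENCRYPTION_DOMAIN = [ipaddress.ip_network("192.168.100.0/24")]
CLIENTS = [
    Client("user1", "198.51.100.10", "192.168.1.0/24", "192.168.1.100"),
    Client("user2", "203.0.113.20", "192.168.1.0/24", "192.168.1.100"),
    Client("user3", "203.0.113.77", "192.168.100.0/24", "192.168.100.50"),
]


def overlapping_home_networks(clients, domain=ENCRYPTION_DOMAIN):
    """Users whose home LAN overlaps the encryption domain.

    For these users the gateway would treat the home range as internal,
    so traffic to it would not be routed out the external interface.
    """
    return [c.user for c in clients
            if any(ipaddress.ip_network(c.home_lan).overlaps(d) for d in domain)]


def key_by_home_ip(c):
    # Assumed model: session tracked on the client's private address only.
    return c.home_ip


def key_by_valid_ip(c):
    # Assumed model: session tracked on the valid (public) IP plus home IP.
    return (c.valid_ip, c.home_ip)


def ambiguous_sessions(clients, key):
    """Map each tracking key shared by more than one user to those users."""
    table = defaultdict(list)
    for c in clients:
        table[key(c)].append(c.user)
    return {k: users for k, users in table.items() if len(users) > 1}


if __name__ == "__main__":
    print("overlap with encryption domain:", overlapping_home_networks(CLIENTS))
    print("keyed on home IP only:", ambiguous_sessions(CLIENTS, key_by_home_ip))
    print("keyed on valid IP too:", ambiguous_sessions(CLIENTS, key_by_valid_ip))
```
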



 
   All contents © 2004 Network Presence, LLC. All rights reserved.