[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] General Question on SecuRemote and SecureClient
Apparently this is one of those things that may or may not work for some unknown reason. We have been doing this successfully with users of Linksys and Cisco products. CheckPoint support also confirmed that this will work. The firewall keeps track of the connection based on the client's valid IP even though they share the same IP Pool NAT entry (maybe htis is the cause of others' problems?) For us the key was to be sure the home network was not in our internal network/encryption domain and routes to the home network directed traffic out the external interface of the firewall. FW-1 4.1 SP5 on Solaris 7 (and IP Pool NAT) Securemote 4.1 SP5 on various platforms --- Shawn Kearley <[email protected]> wrote: > The problem I am considering is not an overlap > between the Home Network and > the Corporate Network, The problem I am wondering > about is when two remote > users with the same local IP address connect to the > corporate network at the > same time, i.e.: > > Home User 1 > 192.168.1.100 -----| > |-- Corporate Firewall --- > Internal Network > (192.168.100.x) > Home User 2 | > 192.168.1.100 -----| > > Will there be a problem with this connection if IP > Pool NAT is not used? > > Shawn > > -----Original Message----- > From: Don [mailto:[email protected]] > Sent: March 11, 2002 12:04 PM > To: [email protected] > Subject: Re: [FW-1] General Question on SecuRemote > and SecureClient > > > > Over the weekend, I picked up for myself, a > Linksis DSL router for home, > and > > when I was setting it up, I realized that using > the defaults, as many > users > > would, anyone using one of these devices will be > getting the same network, > > and potentially the same IP address on their home > system. > > > > What I am wondering about, is will I have any > problems if two users, > > establish a VPN connection to us, who are using > the same internal IP > Address > > on their home system. By not using IP Pool NAT, > the IP Address used > within > > the corporate network, is the same address on the > home system. Will > > Checkpoint correctly route the traffic to the > correct Remote PC, or will I > > likely run into difficulties. > > > > On a similar note, if I should enable IP Pool NAT > to clear up the above > > issue, will I need to re-deploy a USERC.C file to > the remote PCs or is > this > > totally internal to the Firewall box. I am asking > this because some of > our > > VPN users are remote vendors who were reluctant to > use the software in the > > first place, and I don't want to inconvenience > them further unless I have > > to. > IP NAT Pool will not fix this problem. You need to > use different addresses > on your internal network or the home networks. > > -don > > ================================================= > To set vacation, Out Of Office, or away messages, > send an email to [email protected] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [email protected] > ================================================= > > ================================================= > To set vacation, Out Of Office, or away messages, > send an email to [email protected] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [email protected] > ================================================= __________________________________________________ Do You Yahoo!? Try FREE Yahoo! Mail - the world's greatest free email! http://mail.yahoo.com/ ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|