
[FW-1] Dupe IP addresses.



Hi,

This may be one for the archives, but I am having an issue with accessing
the mailing list archives right now.  That is being dealt with.  So, in the
interim, I thought I'd ask about duplicate IP addressing issues with
Firewall 1.
I had sort of a two-fold question with regard to FW-1 and NAT.   I am
running vers 4.1 of FW-1.

I have a number of users utilizing SecuRemote from their home PC's.   The
typical setup is that they either run an NT4 or Win2K client that sits
behind a firewall of their own.   Usually their home workstation's IP
address is determined by their firewall running DHCP.  It hands the client
a non-routable IP addr (usu. 10.0.0.x).   Since 10.0.0.x is the common
non-routable that the clients use, it is not uncommon for 2 of my clients to
try coming into the network with an IP addr of 10.0.0.2.

Yes, the initial authentication and Topology exchange is done via their
firewall's public IP address.  But then, once that's outta the way, most
all the IP exchanges are done with the 10.0.0.2 address.

So far, with regard to 2 or more users VPN'ing in with an IP addr of
10.0.0.2, this has occurred at separate times, so there hasn't been a
problem with IP addr conflict or anything.

I am thinking forward to the time when I have more than one client coming
into our network via VPN with the same IP address ( such as 10.0.0.2) .  I
have machines on my LAN that are configured to allow access to certain TCP
based services ( such as email) to some IP addrs and not to others.  I can
see this dupe IP problem as a real possibility as I will  be getting about
50 or more clients in the near future.  Most of them with a similar setup
of a home PC with NT 4 and a linux based firewall/DHCP server that hands
out 10.0.0.X IP addresses.

Will this be the nightmare that I foresee, or does Firewall 1 take all this
into account somehow?
Or is there something I need to do via Voyager or the Policy GUI to
eliminate this Duplicate IP addr problem?
Is there any way around this besides enforcing upon all 50 of my clients to
all use unique IP addrs on their home machines?  Home PC users tend to be a
territorial lot and may not wish to have their sysadmin telling them how to
configure their DHCP IP address pool at home.

Thanks,

Rich Quinn
