[FW-1] Dupe IP addresses.
Hi,

This may be one for the archives, but I am having an issue with accessing the mailing list archives right now. That is being dealt with. So, in the interim, I thought I'd ask about duplicate IP addressing issues with Firewall 1.

I had sort of a two-fold question with regard to FW-1 and NAT. I am running vers 4.1 of FW-1. I have a number of users utilizing SecuRemote from their home PCs. The typical setup is that they either run an NT4 or Win2K client that sits behind a firewall of their own. Usually their home workstation's IP address is determined by their firewall running DHCP. It hands the client a non-routable IP addr (usu. 10.0.0.x).

Since 10.0.0.x is the common non-routable that the clients use, it is not uncommon for 2 of my clients to try coming into the network with an IP addr of 10.0.0.2. Yes, the initial authentication and Topology exchange is done via their firewall's public IP address. But then, once that's outta the way, most all the IP exchanges are done with the 10.0.0.2 address. So far, with regard to 2 or more users VPN'ing in with an IP addr of 10.0.0.2, this has occurred at separate times, so there hasn't been a problem with IP addr conflict or anything.

I am thinking forward to the time when I have more than one client coming into our network via VPN with the same IP address (such as 10.0.0.2). I have machines on my LAN that are configured to allow access to certain TCP based services (such as email) to some IP addrs and not to others. I can see this dupe IP problem as a real possibility as I will be getting about 50 or more clients in the near future. Most of them with a similar setup of a home PC with NT 4 and a Linux based firewall/DHCP server that hands out 10.0.0.X IP addresses.

Will this be the nightmare that I foresee, or does Firewall 1 take all this into account somehow? Or is there something I need to do via Voyager or the Policy GUI to eliminate this Duplicate IP addr problem?
Is there any way around this besides enforcing upon all 50 of my clients to all use unique IP addrs on their home machines? Home PC users tend to be a territorial lot and may not wish to have their sysadmin telling them how to configure their DHCP IP address pool at home.

Thanks,
Rich Quinn