Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] VPN with only firewall's ip public address

To: [email protected]
Subject: Re: [FW-1] VPN with only firewall's ip public address
From: Dale Wilson <[email protected]>
Date: Fri, 14 Jun 2002 17:34:49 +0100
In-reply-to: <[email protected]>
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

Hi Elena,

As long as the private addresses you are using on Network A and Network B don't overlap you don't have a problem. Because all traffic is encapsulated between Firewall A and Firewall B the fact that both networks use private addresses is irrelevant. Make sure however that Network A knows to route packets to Network B via Firewall A, and vice versa. You also need a NAT rule that ensures traffic between Network A and Network B is not NAT'ed, otherwise Firewall A will hide connections to Network B behind Firewall A's public address. A similar rule will be needed on Firewall B is bi-directional communication is needed. Of course you can still hide all connections to Network B behind Firewall A's public address if you want, Network B just won't be able to initiate a connection to Network A.

Dale

At 16:03 14/06/2002 +0200, you wrote:

Hello,

    I'm trying to change our firewall's configuration to make a new VPN with another network (let's call it network B) but don't know how to do it.

    The thing is that the only public IP address I have from network B is its firewall's public address, the rest of the machines in network B only have private addresses. Up to know, every VPN I have made worked in a different way, thats to say, I always established a communication with the other network's machine's IP public address, and it was this other network's firewall which using NAT, translated this public adress to its corresponding private one.

    The case I'm facing now is a little bit different, just because I should establish my connection directly using the other network machine's private addresses. How can this be done?

Thanks in advance,

Elena

================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================

References:
- [FW-1] VPN with only firewall's ip public address
  - From: Elena Zabala <[email protected]>

Prev by Date: Re: [FW-1] A NG question
Next by Date: Re: [FW-1] `fw internalca` certificate creation problem
Previous by thread: [FW-1] VPN with only firewall's ip public address
Next by thread: Re: [FW-1] VPN with only firewall's ip public address
Index(es):
- Date
- Thread