Re: [FW-1] VPN with only firewall's ip public address
What Dale states is correct. An underlying assumption is that IKE is being
used, which employs ESP for the encapsulation of data. FWZ will not do
this, and would therefore require the NAT you describe below.
HTH
Dan Hitchcock CCNP, CCSE, MCSE
Security Operations Technical Lead
Breakwater Security Associates, Inc.
"Safe Harbor for Your Business"
dhitchcock (at) breakwatersecurity (dot) com
http://www.breakwatersecurity.com
Hi Elena,
As long as the private addresses you are using on Network A and Network B don't
overlap you don't have a problem. Because all traffic is encapsulated between
Firewall A and Firewall B the fact that both networks use private addresses is
irrelevant. Make sure however that Network A knows to route packets to Network
B via Firewall A, and vice versa. You also need a NAT rule that ensures
traffic between Network A and Network B is not NAT'ed, otherwise Firewall A
will hide connections to Network B behind Firewall A's public address. A
similar rule will be needed on Firewall B if bi-directional communication is
needed. Of course you can still hide all connections to Network B behind
Firewall A's public address if you want, Network B just won't be able to
initiate a connection to Network A.
Dale
At 16:03 14/06/2002 +0200, you wrote:
Hello,
I'm trying to change our firewall's configuration to make a new VPN with
another network (let's call it network B) but don't know how to do it.
The thing is that the only public IP address I have from network B is its
firewall's public address, the rest of the machines in network B only have
private addresses. Up to now, every VPN I have made worked in a different way,
that's to say, I always established a communication with the other network's
machine's IP public address, and it was this other network's firewall which
using NAT, translated this public address to its corresponding private one.
The case I'm facing now is a little bit different, just because I should
establish my connection directly using the other network machine's private
addresses. How can this be done?
Thanks in advance,
Elena
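
Added example, not part of the original thread: a small Python model of the two checks Dale describes, that the private ranges do not overlap and that a no-NAT rule for Network A to Network B is evaluated before the general hide rule. The addresses are constructed, first-match rule evaluation is an assumption, and the rule tuples are a generic model, not Check Point syntax.

```python
import ipaddress as ip

# Constructed sample addressing (not taken from the thread).
NET_A = ip.ip_network("10.1.0.0/16")      # private LAN behind Firewall A
NET_B = ip.ip_network("192.168.20.0/24")  # private LAN behind Firewall B
FW_A_PUBLIC = ip.ip_address("192.0.2.1")  # Firewall A's external address
ANY = ip.ip_network("0.0.0.0/0")

# NAT rules as (source, destination, action), assumed to be first-match.
# "original" leaves the source untouched; "hide" rewrites it to FW_A_PUBLIC.
NO_NAT_TO_B = (NET_A, NET_B, "original")
HIDE_ALL = (NET_A, ANY, "hide")


def domains_overlap(a, b):
    """True if the two private ranges collide, so hosts cannot be told apart."""
    return a.overlaps(b)


def translate_source(rules, src, dst):
    """Return the source address Firewall A puts on the packet after NAT."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    for rule_src, rule_dst, action in rules:
        if src in rule_src and dst in rule_dst:
            return FW_A_PUBLIC if action == "hide" else src
    return src  # no rule matched: packet is not translated


def b_can_initiate(rules, host_a, host_b):
    """Simplified model: Network B can reach host_a directly only if A's
    traffic towards B keeps its real source address (is not hidden)."""
    return translate_source(rules, host_a, host_b) == ip.ip_address(host_a)


if __name__ == "__main__":
    a_host, b_host = "10.1.5.20", "192.168.20.7"
    print("ranges overlap:", domains_overlap(NET_A, NET_B))
    for name, rules in (("hide only", [HIDE_ALL]),
                        ("no-NAT first", [NO_NAT_TO_B, HIDE_ALL]),
                        ("wrong order", [HIDE_ALL, NO_NAT_TO_B])):
        print(name, translate_source(rules, a_host, b_host),
              b_can_initiate(rules, a_host, b_host))
```

The "wrong order" case shows why the exemption has to sit above the hide rule: under first-match evaluation the broader rule wins and tunnel traffic leaves with Firewall A's public address.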