----- Original Message -----
Sent: Friday, 14 June 2002 17:31
Subject: Re: [FW-1] VPN with only firewall's ip public address
The scenario you're describing (your new one) is fairly typical in my
experience, and is referred to as a LAN-to-LAN VPN. The scenario you
describe where your FW establishes a VPN with the public IP of a host on
their side, with addressing translation taking place through some unseen
magic at their end, is atypical (again, only speaking from my
experience).
Arguably, your "new scenario" is simpler than your old one, so that's
good news. :)
All you do is set up a VPN between the two firewalls, with traffic
through the tunnel (your encryption domains) defined in terms of the private
ranges. In terms of FW-1 objects, you have one for your firewall,
whose encryption domain includes workstation/network objects specifying your
private addresses that you want to talk to them. You have an object
for their firewall, and its encryption domain should include objects
corresponding to their workstation/network objects, specified using their
private addresses that you want to talk to.
Make sense? Or did I totally miss your Q?
:)
Hello,
I'm trying to change our firewall's configuration to make a new VPN with
another network (let's call it network B) but don't know how to do it.
The thing is that the only public IP address I have from network B is its
firewall's public address, the rest of the machines in network B only have
private addresses. Up to now, every VPN I have made worked in a different
way, that's to say, I always established a communication with the other
network's machine's IP public address, and it was this other network's
firewall which using NAT, translated this public address to its
corresponding private one.
The case I'm facing now is a little bit different, just because I should
establish my connection directly using the other network machine's private
addresses. How can this be done?
Thanks in advance,
Elena
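
The LAN-to-LAN setup described in the reply above, as an added example that is not part of the original thread: a simplified Python model (not FW-1 syntax) of two gateway objects whose encryption domains are private ranges, showing that only the peer firewall's public IP is needed as the tunnel endpoint. All names and addresses are constructed, and the overlap check goes one step beyond the reply to cover the case where both sides use the same private range.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Gateway:
    """Hypothetical stand-in for a firewall object and its encryption domain."""
    name: str
    public_ip: str           # the only routable address the other side must know
    encryption_domain: list  # private networks behind this firewall (CIDR strings)

    def protects(self, addr):
        ip = ipaddress.ip_address(addr)
        return any(ip in ipaddress.ip_network(n) for n in self.encryption_domain)


# Constructed sample values: documentation ranges for the public IPs,
# RFC 1918 ranges for the hosts behind each firewall.
LOCAL = Gateway("fw-a", "192.0.2.1", ["10.1.0.0/16"])
PEER_B = Gateway("fw-b", "198.51.100.1", ["172.16.20.0/24", "172.16.30.0/24"])


def tunnel_endpoint(src, dst, local=LOCAL, peers=(PEER_B,)):
    """Return the peer firewall's public IP if src -> dst belongs in the tunnel.

    Traffic is tunnelled only when the source is in the local encryption
    domain and the destination is in a peer's encryption domain.
    """
    if not local.protects(src):
        return None
    for peer in peers:
        if peer.protects(dst):
            return peer.public_ip
    return None


def overlapping_domains(a, b):
    """List network pairs that appear in both encryption domains.

    Any overlap makes a private destination ambiguous between the two sites.
    """
    return [(x, y)
            for x in a.encryption_domain
            for y in b.encryption_domain
            if ipaddress.ip_network(x).overlaps(ipaddress.ip_network(y))]
```

A non-empty result from `overlapping_domains` means the two sites cannot be addressed by their private ranges as-is.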