[FW-1] VPN question for Static NATed IP address
Dear All,
I am trying to build a VPN with FireWall-1 4.1 with High Availability as shown below.
NOKIA IP440 x 2
IPSO 3.4.1-FCS10
FireWall-1 4.1 SP5a
Also, I am using both VPN and NAT on FireWall-1.
The IP address (A.A.A.A = private IP address) on the internal network is Static NATed to B.B.B.B (= public IP address),
which communicates with C.C.C.C (= public IP address) on FireWall-1 on the other side.
After VPN was established successfully, when I ping from A.A.A.A to C.C.C.C,
I can see the log in FireWall-1 as shown below.
scheme: IKE methods: Combined ESP: 3DES + SHA1(phase2 completion) for hosts: B.B.B.B and C.C.C.C
scheme: IKE methods: Combined ESP: 3DES + SHA1(phase2 completion) for hosts: A.A.A.A and C.C.C.C
The log in the FireWall-1 on the other side shows the same.
After the VPN is established successfully, both endpoints communicate
with each other using the NATed IP address (in this case, this is B.B.B.B), so
I guess key install for A.A.A.A (= private IP address) would not be required.
Is this key install the correct action for FireWall-1?
Are there any ways to avoid key install for A.A.A.A (= private IP address)?
Please advise.
Best regards,
Seigo Usui