[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] internal network/NAT (eventually VPN)



I am trying to get the same scenario to work..I have a Nokia box with NG/FP2
on it..Outside contractors using SecuRemote(latest version for NG),
authenticate to an internal RADIUS box, they can ping the internal hosts by
ip(10.x.x.x) but cannot ping by name nor access any host inside
(10.x.x.x)either by name or ip..I've got a case opened with Nokia on
this....Please keep me posted if you find a way to work it out..

-----Original Message-----
From: Vic G [mailto:[email protected]]
Sent: Wednesday, October 30, 2002 11:56 AM
To: [email protected]
Subject: [FW-1] internal network/NAT (eventually VPN)


I'm attempting to set this up, here is my config (be kind..)

Very int              IntDMZ        FW       External
15.x.x.x    Router  10.10.10.x     10-12     12.x.x.x


There is a router between "very internal", (which also has other routers to
more internal nets...)
I need a client on the outside(internet) to be able to get to an very
internal host station (eventually VPN to a similar setup on other side). I
have on my INT DMZ some hosts (Static Nat'd to the external address) and
that works OK. The Router is static NAT'd as a workstation, with NAT
enabled. (one IP is 10.x.x.x, other is 15.x.x.x)I've tried HIDE and STATIC
(not sure what it should be...)
The Internet router has static route statments to force the external address
to the FW. How does someone on the Internet address (what could be) many
internal addresses on the inside networks?

All the examples I see are only 1 level deep (ie the 10.x.x.x is hide/natted
to the outside). I need to get 1 more level in.

What am I missing here?
Vic








_________________________________________________________________
Unlimited Internet access -- and 2 months free!  Try MSN.
http://resourcecenter.msn.com/access/plans/2monthsfree.asp

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================