[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW-1] NAT rules and secureclient IP-pool conflict
Hi, I have experienced a strange problem concerning some of our VPN secureclient users not beeing able to access some servers in the firewall DMZ. After looking at the firewall logs, I have found that when a secureclient connects to the DMZ server, the NAT rule normally in place for DMZ access is not matched. For the NAT to work, the NAT rule must be configured with the REAL (Internet) address of the client and not the address given by the firewall from the secureclient IP pool NAT. Has anyone experienced this and found a work-around ? I figure it is possible to make a NAT rule based on the IP networks used by the ISP we use. But I wonder if there is a technical bypass to this problem. Any response will be gratefully received. Regards, -- Yannick Lo Guidice - [email protected] Tel : +33 4 9211 5967 - Gsm : +33 6 3055 3576 Security speclialist ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|