[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] How to allow PPTP and IPSEC through to server using HIDE NAT?
Robert, voici un extrait de Chkp ( Solution ID: sk12234 ) 1. PPTP with STATIC NAT configurations: In FireWall-1 NG, PPTP is supported with STATIC NAT whether the PPTP server or PPTP client is behind the firewall. 2. PPTP with HIDE NAT configurations: A. PPTP clients behind the FireWall-1 NAT device. In FireWall-1 version 4.1 this is supported, with the restriction that only one client is able to connect to a specific server at the same time. In FireWall-1 NG this configuration is not supported. B. PPTP server behind the FireWall-1 Hide NAT device. In this case there is only one routable IP address that is used for both Hide NAT on an internal network and to accept incoming PPTP connections to an internal PPTP server (server mapping). This configuration is not supported in either FireWall-1 4.1 or FireWall-1 NG. HTH ---------- Simon Desmeules http://www.digidyne.ca mailto :[email protected] ---------- Contact me for you Check Point Training View my co-authoring project at Syngress http://www.syngress.com/catalog/sg_main.cfm?pid=1922 ---------- DigiDyne Inc. 420 Armand-Frappier suite 320 Laval, Quebec H7V 4B4 Text 225 F---------- Public Key found on www.keyserver.net ---------- ----- Original Message ----- From: "Robert Masse" < -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [email protected] -----BEGIN PGP SIGNATURE----- Version: PGP 8.0 iQA/AwUBPxVLm/B+/w2Wb6b+EQK/rACffXtyWyf55u95mxouw/HxIzz/6KwAn0gt tXDIwQbx3+CZMo4rh0r4QOsT =3UpC -----END PGP SIGNATURE----- > To: <[email protected]> Sent: Tuesday, July 15, 2003 4:34 PM Subject: [FW-1] How to allow PPTP and IPSEC through to server using HIDE NAT? > Hello > > I have several users behind our firewall that need to connect to > different clients via PPTP. If the user has static NAT configured (1 > for 1), this is not an issue, the problem is that I cannot create static > NAT for every single user, we do not have enough IP addresses. > > What are my options? According to the Nokia knowledge base: > > --- > > In FireWall-1 version 4.1 this is supported, with the restriction that > only one client is able to connect to a specific server at the same > time. > > In FireWall-1 NG this configuration is not supported. > > --- > > What do you think? Has anyone been able to do this? We are running the > most recent Checkpoint (NGAI). > > Thanks in advance! > > Rob > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [email protected] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [email protected] > ================================================= > ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|