Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW-1] vpn behind nat?

To: [email protected]
Subject: [FW-1] vpn behind nat?
From: Jose Garcia <[email protected]>
Date: Fri, 1 Aug 2003 10:51:34 +0200
In-reply-to: <[email protected]>
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

Hi Matt,
I didn't find any reference to a "resolve_interface_ranges_nated_gw"
property in Smartdashboard...can you provide more info on this?

However, I came across KB article sk11682 which seems to be the only one
addressing specifically this issue.
I guess that you may want to give it a try (provided it still applies to
AI...and you can translate it -:)
I will be glad to know the results!

Jose.

Jose Garcia
Technical Network Consultant
CSS N.V.
Tel: +32 475 66.04.05
Fax: +32 2 718.52.20
Email: [email protected]


> ------------------------------
>
> Date:    Thu, 31 Jul 2003 10:55:29 -0500
> From:    Matt Kehler <[email protected]>
> Subject: Re: Subject: vpn behind nat?
>
> Is there another option instead of doing the search and replace in
> userc.c?    If I flip the resolve_interface_ranges_nated_gw value by
> using SmartDashboard in AI...will this basically allow it to work?
>
> Or is that my only option?
>
>
> thx
> Matt
>
> >>> [email protected] 07/30/03 12:28PM >>>
> The following needs to be "port translated" from the external natting
> router, indeed to the external ip of the firewall.
> 500 udp&tcp
> 2746 udp
> 50 ip (esp)
> 264 tcp (topo download)
> if using Secureclient & Office mode, also 18231 tcp & 18233, 18234 udp
>
> Be advised that the SR clients will download a useless topology, since
the
> external ip of the FW is non routable. Basically, you will need to do a
> search and replace in userc.c file, and replace any occurence of the FW
> external ip by the real public ip.
>
>
> Jose Garcia
> Technical Network Consultant
> CSS N.V.
> Tel: +32 475 66.04.05
> Fax: +32 2 718.52.20
> Email: [email protected]
>
>
> >Date:    Tue, 29 Jul 2003 15:40:16 -0500
> >From:    Matt Kehler <[email protected]>
> >Subject: vpn behind nat?
>
> >I want to create a (client to site) VPN terminating on NG AI, but the
> firewall does NOT have a public routable IP >available. I am under the
> impression that I can NAT one of my public IP address *to* the firewall.
> If this is >correct; what ports to I need to NAT over?
>
> >thx
> >Matt

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Prev by Date: Re: [FW-1] telnet problem between cluster members
Next by Date: Re: [FW-1] fw1 module not loaded! (Linux 7.3 with kernal is 2.4.18-10smp) downgrade?
Previous by thread: Re: [FW-1] telnet problem between cluster members
Next by thread: Re: [FW-1] fw1 module not loaded! (Linux 7.3 with kernal is 2.4.18-10smp) downgrade?
Index(es):
- Date
- Thread