Re: [fw-wiz] VPN Gateway And Nat

From: Fredrik Lindström (fredrik@dunenets.net)
Date: 02/22/03

    From: Fredrik Lindström <fredrik@dunenets.net>
    To: <firewall-wizards@honor.icsalabs.com>
    Date: Sat, 22 Feb 2003 22:39:50 +0100
    

    Hi,

    I guess you're using Check Point products (VPN-1 Pro/Net) since you say you
    use SecuRemote.

    The configuration you describe is not supported in a Check Point environment;
    the VPN Gateway must always have a public IP address.

    Regards

    Fredrik

    > From: LE CORVIC Y InfoEdpEtcDep <Yoann.Le-Corvic@socgen.com>
    > To: "'firewall-wizards@honor.icsalabs.com'" <firewall-wizards@honor.icsalabs.com>
    > Date: Fri, 21 Feb 2003 16:44:47 +0100
    > Subject: [fw-wiz] VPN Gateway And Nat
    >
    > Hi All,
    >
    > I have a slight problem with a VPN configuration, and wanted to know if you
    > all can help. Basically, here is the situation:
    >
    > PROTECTED_NET-------VPNGATEWAY --------ROUTER-----ClientSecuremote
    >
    > The public IP address of the VPN GATEWAY is natted at the ROUTER, so that the
    > ClientSecuremote doesn't access the real IP address of the VPNGATEWAY, but
    > one on the ROUTER.
    >
    > The initiation sequence works, and the authentication as well, but when the
    > network topology is downloaded, no access is possible on servers of the
    > PROTECTED_NET.
    >
    > I suspect that after topology download, the real IP address of the gateway is
    > given to ClientSecuremote, which uses it for the remainder of the
    > communication.
    >
    > Is there a way to go around that problem, or is it a lost cause... ?
    >
    > Thanks for your help.
