Re: [fw-wiz] VPN Gateway And Nat

From: Christopher Lee (clee@myhome.homeip.net)
Date: 02/23/03

    From: Christopher Lee <clee@myhome.homeip.net>
    To: firewall-wizards@honor.icsalabs.com
    Date: Sun, 23 Feb 2003 16:06:57 -0500
    

    Or, create a special NAT rule on your firewall (where the traffic is
    originating from) and translate all traffic to the actual IP address of the
    firewall to the NATed IP on the router instead...

    Obviously, this only works if the VPN traffic is only from certain networks...

    Christopher Lee
    PGP Fingerprint: 15C1 65D0 E051 C64D 5246 89FC 5AE3 DE2C 8F1E 89A7
    Personal Web Page: http://complexity.webhop.net

    Quoting Fredrik Lindström <fredrik@dunenets.net>:

    > Hi,
    >
    > I guess you're using Check Point products (VPN-1 Pro/Net) since you say you
    > use SecuRemote.
    >
    > The configuration you describe is not supported in a Check Point
    > environment, the VPN Gateway must always have a public IP address.
    >
    > Regards
    >
    > Fredrik
    >
    >
    > > From: LE CORVIC Y InfoEdpEtcDep <Yoann.Le-Corvic@socgen.com>
    > > To: "'firewall-wizards@honor.icsalabs.com'" <firewall-wizards@honor.icsalabs.com>
    > > Date: Fri, 21 Feb 2003 16:44:47 +0100
    > > Subject: [fw-wiz] VPN Gateway And Nat
    > >
    > > Hi All,
    > >
    > > I have a slight problem with a VPN configuration, and wanted to know if
    > > you all can help. Basically, here is the situation:
    > >
    > > PROTECTED_NET-------VPNGATEWAY --------ROUTER-----ClientSecuremote
    > >
    > > The public IP address of the VPN GATEWAY is natted at the ROUTER, so that
    > > the ClientSecuremote doesn't access the real IP address of the VPNGATEWAY,
    > > but one on the ROUTER.
    > >
    > > The initiation sequence works, and the authentication as well, but when the
    > > network topology is downloaded, no access is possible on servers of the
    > > PROTECTED_NET.
    > >
    > > I suspect that after topology download, the real IP address of the gateway
    > > is given to ClientSecuremote, which uses it for the remainder of the
    > > communication.
    > >
    > > Is there a way to go around that problem, or is it a lost cause... ?
    > >
    > > Thanks for your help.
    >
    > _______________________________________________
    > firewall-wizards mailing list
    > firewall-wizards@honor.icsalabs.com
    > http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
    >



