RE: [fw-wiz] Remote Access via Checkpoint VPN

MHawkins_at_TULLIB.COM
Date: 08/18/04

  • Next message: Patrick M. Hausen: "Re: [fw-wiz] Gauntlet 6 "adaptive proxy""
    To: Michel.Ludolph@atosorigin.com, firewall-wizards@honor.icsalabs.com
    Date: Tue, 17 Aug 2004 22:00:18 -0400
    
    

    Michel,

    You're completely off you're nut!

    If you don't use a public IP on your firewall then I would suggest that alot
    of your PMTU is broken as well as your potential VPN.

    You should definitely configure a public IP on your firewall.

    That's the only way to make it work correctly.

    IMHO.

    Mike H

    -----Original Message-----
    From: firewall-wizards-admin@honor.icsalabs.com
    [mailto:firewall-wizards-admin@honor.icsalabs.com]On Behalf Of Ludolph,
    Michel
    Sent: Tuesday, August 17, 2004 4:52 AM
    To: firewall-wizards@honor.icsalabs.com
    Subject: [fw-wiz] Remote Access via Checkpoint VPN

    Hello,

    I have the following setup up with Checkpoint FW-1:

    Internet------10.x.x.x--FW--10.x.x.x----- Internal network
                                    |
                                    |
                                    |
                            20.20.20.20 (DMZ)

    Pease note:
    - the external FW-interface has a private IP-address (10.x.x.x).
    - the DMZ FW-interface has a public IP-address (20.20.20.20 as an example)

    I would like to setup a VPN on the FW, to which a remote client can connect
    via the Internet, using SecureClient. According to Checkpoint documentation
    the VPN should bind to the FW-external interface. This is the problem, my
    FW-external interface has a private IP-address, which is not routable via
    the Internet. In order to make this working I would like the VPN to bind to
    the DMZ-interface (20.20.20.20) instead of the external interface.

    Has anyone setup such a VPN and does it work or do you have any suggestions?

    Thanks for your help.

    michelDOTludolphATatosoriginDOTcom
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


  • Next message: Patrick M. Hausen: "Re: [fw-wiz] Gauntlet 6 "adaptive proxy""