Re: [fw-wiz] Remote Access via Checkpoint VPN

• Previous message: Paul D. Robertson: "Re: [fw-wiz] Top Secret DOD Data over the Public Internet? Thoughts?"
• In reply to: Desai, Ashish: "RE: [fw-wiz] Remote Access via Checkpoint VPN"
• Next in thread: MHawkins_at_TULLIB.COM: "RE: [fw-wiz] Remote Access via Checkpoint VPN"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: firewall-wizards@honor.icsalabs.com
Date: Sun, 22 Aug 2004 19:41:47 +0530

On 18/08/04 10:57 -0400, Desai, Ashish wrote:
> > -----Original Message-----
> > From: Ludolph, Michel [mailto:Michel.Ludolph@atosorigin.com]
> > Sent: Tuesday, August 17, 2004 4:52 AM
> > To: firewall-wizards@honor.icsalabs.com
> > Subject: [fw-wiz] Remote Access via Checkpoint VPN
> > Internet------10.x.x.x--FW--10.x.x.x----- Internal network
> > |
> > |
> > |
> > 20.20.20.20 (DMZ)
>

Quoting fixed. Mr Desai might want to learn to quote messages and stop
posting first.

> You might want to read this BEFORE you try anything this X!@#$!#$
As I understood the diagram above,
 
Internet (ISP router) ---- public address of router
                                |
                                RFC 1918 space
                                |---- firewall--- LAN in RFC1918 space
                                        |
                                        |
                                DMZ with public IP space

Given that a lot of ISPs will use RFC 1918 address space for point to
point links (they shouldn't, but they do), it might be perfectly
possible for the ISP to be NATing the addresses and routing the public
IP space. Also, given a very small public address space, there may not
be the option of subnetting it and extracting a /30 from it for the
firewall external interface.

As the OP said,
> > the problem, my FW-external interface has a private IP-address, which is
> > not routable via the Internet. In order to make this working I would
> > like the VPN to bind to the DMZ-interface (20.20.20.20) instead of the
> > external interface.
he clearly understands that RFC 1918 space is not routed via the
Internet. That the firewall has an external interface with a RFC 1918
addresses is a totally different issue than routing it via the internet

Devdas Bhagat
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

• Previous message: Paul D. Robertson: "Re: [fw-wiz] Top Secret DOD Data over the Public Internet? Thoughts?"
• In reply to: Desai, Ashish: "RE: [fw-wiz] Remote Access via Checkpoint VPN"
• Next in thread: MHawkins_at_TULLIB.COM: "RE: [fw-wiz] Remote Access via Checkpoint VPN"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]