[fw-wiz] Terminating Secureclient on a private address range




We currently run a pair of Nokia IP350s in a HA pair. We have a public
address for each of the firewalls plus one for the VIP. We have been
successfully running SecureClient terminating on the VIP address without any
problems. However, we are about to migrate to a new ISP that wants us to
allocate private addresses to the firewalls and the VIP and they will route
from the newly allocated public address range to us.

I am unable to see how SecureClient will work in this way. Our ISP assure me
that this will work using NAT (they tell me this works on their PIXes). I
managed to track down one document on the net that basically says that
Check Point supplied an unsupported workaround, but even this will not work
in a HA configuration, and I am certainly not interested in an unsupported
option. I have agreed to try and get this working on the proviso that if it
does not we will get public addressing for the firewalls, but so far I have
been unsuccessful. Does anyone know if this is possible, and if so, any
pointers?

Many thanks for any light you can shed on this.

Dillan


_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

