Re: [fw-wiz] Terminating Secureclient on a private address range



On Sep 13, 2006, at 4:11 AM, Steve Willis wrote:
> We currently run a pair of Nokia ip350's in a HA pair. We have a public
> address for each of the firewalls plus one for the VIP. We have been
> successfully running SecureClient terminating on the VIP address without
> any problems. However we are about to migrate to a new ISP that wants us
> to allocate private addresses to the firewalls and the VIP and they will
> route from the newly allocated public address range to us.

Tell the ISP that you need to have publicly routable IPs on the
external interfaces of your firewalls in order to terminate your VPN
clients, and that you cannot (and therefore will not) accept a
network configuration that involves NAT translation.

If they do not make a /29 netblock available, find another ISP who is
willing to provide a solution that works for your organization,
rather than an ISP which insists upon creating problems for you.

--
-Chuck
