Re: [fw-wiz] Terminating Secureclient on a private address range

On Sep 13, 2006, at 4:11 AM, Steve Willis wrote:
We currently run a pair of Nokia ip350's in a HA pair. We have a
address for each of the firewalls plus one for the VIP. We have been
successfully running SecureClient terminating on the VIP address
without any
problems. However we are about to migrate to a new ISP that wants
us to
allocate private addresses to the firewalls and the VIP and they
will route
from the newly allocated public address range to us.

Tell the ISP that you need to have publicly routable IPs on the
external interfaces of your firewalls in order to terminate your VPN
clients, and that you cannot (and therefore will not) accept a
network configuration that involves NAT translation.

If they do not make a /29 netblock available, find another ISP who is
willing to provide a solution that works for your organization,
rather than an ISP which insists upon creating problems for you.


firewall-wizards mailing list