Firewall Wizards mailing list archives

Re: Remote Access via Checkpoint VPN

From: Devdas Bhagat <devdas () dvb homelinux org>
Date: Sun, 22 Aug 2004 19:41:47 +0530

On 18/08/04 10:57 -0400, Desai, Ashish wrote:

 -----Original Message-----
From: Ludolph, Michel [mailto:Michel.Ludolph () atosorigin com] 
Sent: Tuesday, August 17, 2004 4:52 AM
To: firewall-wizards () honor icsalabs com
Subject: [fw-wiz] Remote Access via Checkpoint VPN
Internet------10.x.x.x--FW--10.x.x.x----- Internal network 
                            | 
                            | 
                            | 
                    20.20.20.20 (DMZ)


Quoting fixed. Mr Desai might want to learn to quote messages and stop
posting first.

You might want to read this BEFORE you try anything this X!@#$!#$

As I understood the diagram above,
 
Internet (ISP router) ---- public address of router
                                |
                                RFC 1918 space
                                |---- firewall--- LAN in RFC1918 space
                                        |
                                        |
                                DMZ with public IP space

Given that a lot of ISPs will use RFC 1918 address space for point to
point links (they shouldn't, but they do), it might be perfectly
possible for the ISP to be NATing the addresses and routing the public
IP space. Also, given a very small public address space, there may not
be the option of subnetting it and extracting a /30 from it for the
firewall external interface.

As the OP said,

the problem, my FW-external interface has a private IP-address, which is
not routable via the Internet. In order to make this working I would
like the VPN to bind to the DMZ-interface (20.20.20.20) instead of the
external interface.

he clearly understands that RFC 1918 space is not routed via the
Internet. That the firewall has an external interface with a RFC 1918
addresses is a totally different issue than routing it via the internet

Devdas Bhagat
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

Remote Access via Checkpoint VPN Ludolph, Michel (Aug 17)
- <Possible follow-ups>
- RE: Remote Access via Checkpoint VPN MHawkins (Aug 17)
  - Re: Remote Access via Checkpoint VPN Erick Mechler (Aug 20)
- RE: Remote Access via Checkpoint VPN Desai, Ashish (Aug 20)
  - RE: Remote Access via Checkpoint VPN Orca (Aug 22)
  - Re: Remote Access via Checkpoint VPN Devdas Bhagat (Aug 22)
- RE: Remote Access via Checkpoint VPN MHawkins (Aug 20)