Firewall Wizards mailing list archives

Re: Terminating Secureclient on a private address range


From: Chuck Swiger <chuck () codefab com>
Date: Wed, 13 Sep 2006 09:32:19 -0700

On Sep 13, 2006, at 4:11 AM, Steve Willis wrote:
We currently run a pair of Nokia ip350's in a HA pair. We have a public
address for each of the firewalls plus one for the VIP. We have been
successfully running SecureClient terminating on the VIP address without
any problems. However, we are about to migrate to a new ISP that wants us
to allocate private addresses to the firewalls and the VIP and they will
route from the newly allocated public address range to us.

Tell the ISP that you need to have publicly routable IPs on the external
interfaces of your firewalls in order to terminate your VPN clients, and
that you cannot (and therefore will not) accept a network configuration
that involves NAT translation.

If they do not make a /29 netblock available, find another ISP who is
willing to provide a solution that works for your organization, rather
than an ISP which insists upon creating problems for you.

-- 
-Chuck
