Firewall Wizards mailing list archives
Re: Terminating Secureclient on a private address range
From: Chuck Swiger <chuck () codefab com>
Date: Wed, 13 Sep 2006 09:32:19 -0700
On Sep 13, 2006, at 4:11 AM, Steve Willis wrote:
We currently run a pair of Nokia ip350's in a HA pair. We have a public address for each of the firewalls plus one for the VIP. We have been successfully running SecureClient terminating on the VIP address without any problems. However we are about to migrate to a new ISP that wants us to allocate private addresses to the firewalls and the VIP and they will route from the newly allocated public address range to us.
Tell the ISP that you need to have publicly routable IPs on the external interfaces of your firewalls in order to terminate your VPN clients, and that you cannot (and therefore will not) accept a network configuration that involves NAT translation. If they do not make a /29 netblock available, find another ISP who is willing to provide a solution that works for your organization, rather than an ISP which insists upon creating problems for you. -- -Chuck _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Terminating Secureclient on a private address range Steve Willis (Sep 13)
- Re: Terminating Secureclient on a private address range Martin Hoz (Sep 13)
- Re: Terminating Secureclient on a private address range Chuck Swiger (Sep 13)
- <Possible follow-ups>
- Re: Terminating Secureclient on a private address range stevewillis (Sep 14)
- Re: Terminating Secureclient on a private address range Martin Hoz (Sep 17)
- Re: Terminating Secureclient on a private address range stevewillis (Sep 19)