Firewall Wizards mailing list archives

Re: VPN Gateway And Nat


From: Christopher Lee <clee () myhome homeip net>
Date: Sun, 23 Feb 2003 16:06:57 -0500

Or, create a special NAT rule on your firewall (where the traffic is 
originating from) and translate all traffic to the actual IP address of the 
firewall to the NATed IP on the router instead...

Obviously, this only works if the VPN traffic is only from certain networks...

Christopher Lee 
PGP Fingerprint: 15C1 65D0 E051 C64D 5246  89FC 5AE3 DE2C 8F1E 89A7 
Personal Web Page: http://complexity.webhop.net


Quoting Fredrik Lindström <fredrik () dunenets net>:

Hi,

I guess you're using Check Point products (VPN-1 Pro/Net) since you say you
use SecuRemote.

The configuration you describe is not supported in a Check Point
environment; the VPN Gateway must always have a public IP address.

Regards

Fredrik


From: LE CORVIC Y InfoEdpEtcDep <Yoann.Le-Corvic () socgen com>
To: "'firewall-wizards () honor icsalabs com'"
<firewall-wizards () honor icsalabs com>
Date: Fri, 21 Feb 2003 16:44:47 +0100
Subject: [fw-wiz] VPN Gateway And Nat

Hi All,

I have a slight problem with a VPN configuration, and wanted to know if
you all can help. Basically, here is the situation:

PROTECTED_NET-------VPNGATEWAY --------ROUTER-----ClientSecuremote

The public IP address of the VPN GATEWAY is natted at the ROUTER, so that
the ClientSecuremote doesn't access the real IP address of the VPNGATEWAY,
but one on the ROUTER.

The initiation sequence works, and the authentication as well, but when the
network topology is downloaded, no access is possible on servers of the
PROTECTED_NET.

I suspect that after topology download, the real IP address of the gateway
is given to ClientSecuremote, which uses it for the remainder of the
communication.

Is there a way to go around that problem, or is it a lost cause... ?

Thanks for your help.


_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


