RE: Remote Access via Checkpoint VPN

[MHawkins () TULLIB COM]

Michel,

You're completely off you're nut!

If you don't use a public IP on your firewall then I would suggest that alot
of your PMTU is broken as well as your potential VPN.

You should definitely configure a public IP on your firewall.

That's the only way to make it work correctly.

IMHO.

Mike H

-----Original Message-----
From: firewall-wizards-admin () honor icsalabs com
[mailto:firewall-wizards-admin () honor icsalabs com]On Behalf Of Ludolph,
Michel
Sent: Tuesday, August 17, 2004 4:52 AM
To: firewall-wizards () honor icsalabs com
Subject: [fw-wiz] Remote Access via Checkpoint VPN


Hello, 

I have the following setup up with Checkpoint FW-1: 

Internet------10.x.x.x--FW--10.x.x.x----- Internal network 
                                | 
                                | 
                                | 
                        20.20.20.20 (DMZ) 

Pease note: 
- the external FW-interface has a private IP-address (10.x.x.x). 
- the DMZ FW-interface has a public IP-address (20.20.20.20 as an example) 

I would like to setup a VPN on the FW, to which a remote client can connect
via the Internet, using SecureClient. According to Checkpoint documentation
the VPN should bind to the FW-external interface. This is the problem, my
FW-external interface has a private IP-address, which is not routable via
the Internet. In order to make this working I would like the VPN to bind to
the DMZ-interface (20.20.20.20) instead of the external interface.

Has anyone setup such a VPN and does it work or do you have any suggestions?


Thanks for your help. 

michelDOTludolphATatosoriginDOTcom
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards