Firewall Wizards mailing list archives
RE: Remote Access via Checkpoint VPN
From: "Orca" <klrorca () hotmail com>
Date: Fri, 20 Aug 2004 16:48:11 -0700
That is a bit harsh. You can put a 10.X space towards the internet, it just won't do any good, as nobody will route RFC1918 spaces.

That being said, judging from his notes, there is a router providing NAT on the "internet" side of his firewall, correct? If so, you also need to set your NAT static routes to allow the VPN through, which should be something like TCP port 50 for IPSEC, UDP port 500 of IKE, and TCP 264 for Checkpoint topology download. There might be more; I have not used a Checkpoint for a while, check the docs. You will also have to do this for the firewall itself, to let it get to the DMZ.

The versions of Checkpoint I used (again, old) would not bind by any port but the External, but they might have changed that. You can do this with a Cisco box though.

-Steve

-----Original Message-----
From: firewall-wizards-admin () honor icsalabs com [mailto:firewall-wizards-admin () honor icsalabs com] On Behalf Of Desai, Ashish
Sent: Wednesday, August 18, 2004 7:57 AM
To: Ludolph, Michel; firewall-wizards () honor icsalabs com
Subject: RE: [fw-wiz] Remote Access via Checkpoint VPN

You might want to read this BEFORE you try anything this X!@#$!#$
http://www.faqs.org/faqs/cisco-networking-faq/section-24.html

You CANNOT expose 10.x address space to the Internet!!!!!

Ashish

-----Original Message-----
From: Ludolph, Michel [mailto:Michel.Ludolph () atosorigin com]
Sent: Tuesday, August 17, 2004 4:52 AM
To: firewall-wizards () honor icsalabs com
Subject: [fw-wiz] Remote Access via Checkpoint VPN

Hello,

I have the following setup with Checkpoint FW-1:

Internet------10.x.x.x--FW--10.x.x.x----- Internal network
                        |
                        |
                        |
                   20.20.20.20 (DMZ)

Please note:
- the external FW-interface has a private IP-address (10.x.x.x).
- the DMZ FW-interface has a public IP-address (20.20.20.20 as an example)

I would like to set up a VPN on the FW, to which a remote client can connect via the Internet, using SecureClient.

According to Checkpoint documentation the VPN should bind to the FW-external interface. This is the problem: my FW-external interface has a private IP-address, which is not routable via the Internet. In order to make this work I would like the VPN to bind to the DMZ-interface (20.20.20.20) instead of the external interface.

Has anyone set up such a VPN and does it work, or do you have any suggestions?

Thanks for your help.

michelDOTludolphATatosoriginDOTcom

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards