Firewall Wizards mailing list archives
Re: Terminating Secureclient on a private address range
From: stevewillis () optusnet com au
Date: Thu, 14 Sep 2006 11:44:34 +1000
Hi Martin,

Thanks for the input, unfortunately I'm running NGAI R55 HFA17.

Cheers
Dillan

Martin Hoz <martinhoz () gmail com> wrote:

> On 9/13/06, Steve Willis <stevewillis () optusnet com au> wrote:
>
> > We currently run a pair of Nokia ip350's in a HA pair. We have a public
> > address for each of the firewalls plus one for the VIP. We have been
> > successfully running SecureClient terminating on the VIP address without
> > any problems. However we are about to migrate to a new ISP that wants us
> > to allocate private addresses to the firewalls and the VIP and they will
> > route from the newly allocated public address range to us.
> >
> > I am unable to see how SecureClient will work in this way. Our ISP assure
> > me that this will work using NAT (they tell me this works on their
> > PIX's). I managed to track down one document on the net that basically
> > says that Checkpoint supplied an unsupported workaround, but even this
> > will not work in a HA configuration, and I am certainly not interested in
> > an unsupported option. I have agreed to try and get this working on the
> > proviso that if it does not we will get public addressing for the
> > firewalls, but so far I have been unsuccessful.
> >
> > Does anyone know if this is possible, and if so, any pointers?
>
> If you have a recent version (NGX), you can use the Link Selection
> feature (under the VPN properties on your cluster object), and then say
> that your cluster is "Statically NATed" behind NAT.
>
> I don't know what unsupported workaround you are talking about, but if
> you are referring to adding a fake external interface, this should work
> if you enable the dynamic interface resolving mechanism. :-)
>
> HTH - Good luck!
>
> - Martín.
>
> --
> **** What have you done today to save water?
> ** My web page: http://gama.fime.uanl.mx/~mhoz/
> * "We are a consequence of the past, and the cause of our future."
> ** My Linux - http://www.slackware.com == My BSD - http://www.openbsd.org
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards () listserv icsalabs com
> https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:
- Terminating Secureclient on a private address range Steve Willis (Sep 13)
- Re: Terminating Secureclient on a private address range Martin Hoz (Sep 13)
- Re: Terminating Secureclient on a private address range Chuck Swiger (Sep 13)
- <Possible follow-ups>
- Re: Terminating Secureclient on a private address range stevewillis (Sep 14)
- Re: Terminating Secureclient on a private address range Martin Hoz (Sep 17)
- Re: Terminating Secureclient on a private address range stevewillis (Sep 19)