Firewall-1

Re: [FW-1] Subject: vpn behind nat?

Subject: Re: [FW-1] Subject: vpn behind nat?
From: Jose Garcia <jgar AT CSSNV DOT BE>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Wed, 30 Jul 2003 19:28:02 +0200
The following needs to be "port translated" from the external natting
router, indeed to the external ip of the firewall.
500 udp&tcp
2746 udp
50 ip (esp)
264 tcp (topo download)
If using SecureClient & Office mode, also 18231 tcp & 18233, 18234 udp

Be advised that the SR clients will download a useless topology, since the
external ip of the FW is non routable. Basically, you will need to do a
search and replace in the userc.c file, and replace any occurrence of the FW
external ip with the real public ip.


Jose Garcia
Technical Network Consultant
CSS N.V.
Tel: +32 475 66.04.05
Fax: +32 2 718.52.20
Email: jgar AT cssnv DOT be


>Date:    Tue, 29 Jul 2003 15:40:16 -0500
>From:    Matt Kehler <mkehler AT WRHA.MB DOT CA>
>Subject: vpn behind nat?

>I want to create a (client to site) VPN terminating on NG AI, but the
>firewall does NOT have a public routable IP available. I am under the
>impression that I can NAT one of my public IP addresses *to* the firewall.
>If this is correct; what ports do I need to NAT over?

>thx
>Matt
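
The search-and-replace step described in the reply above, as an added example that is not part of the original post and not Check Point tooling. It treats the file as plain text, replaces the address only where it stands as a whole dotted quad, and keeps a backup; the addresses (192.168.1.1, 203.0.113.10), the function names and the sample contents are assumptions made up for illustration.

```python
import ipaddress
import re
import shutil
import tempfile
from pathlib import Path

# Constructed sample, NOT a real userc.c: field names and layout are illustrative only.
SAMPLE = (
    "(:gateway (fw-example\n"
    "    :addr (192.168.1.1)\n"
    "    :topo_server (192.168.1.1)\n"
    "    :internal_host (192.168.1.10)\n"
    "    :other_value (2.192.168.1.1)\n"
    "))\n"
)

def replace_ip(text, old_ip, new_ip):
    """Replace old_ip with new_ip only where it stands as a whole dotted quad.

    Returns (new_text, number_of_replacements).
    """
    ipaddress.IPv4Address(old_ip)  # raises ValueError on a malformed address
    ipaddress.IPv4Address(new_ip)
    # Not preceded by a digit or dot, not followed by a digit or ".digit",
    # so 192.168.1.1 does not match inside 192.168.1.10 or 2.192.168.1.1.
    pattern = re.compile(r"(?<![\d.])" + re.escape(old_ip) + r"(?!\d|\.\d)")
    return pattern.subn(new_ip, text)

def rewrite_file(path, old_ip, new_ip):
    """Rewrite the file in place, keeping a .bak copy; returns the replacement count."""
    path = Path(path)
    # latin-1 round-trips every byte, so nothing outside the addresses changes.
    text = path.read_bytes().decode("latin-1")
    new_text, count = replace_ip(text, old_ip, new_ip)
    if count:
        shutil.copy2(path, path.with_name(path.name + ".bak"))
        path.write_bytes(new_text.encode("latin-1"))
    return count

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        f = Path(d) / "userc.c"
        f.write_bytes(SAMPLE.encode("latin-1"))
        print(rewrite_file(f, "192.168.1.1", "203.0.113.10"), "replacements")
        print(f.read_text())
```

A plain editor search-and-replace on the same sample would also rewrite the first eleven characters of 192.168.1.10, which is why the match is anchored on both sides.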
