Firewall-1

Re: [FW-1] XlateSrc, RemoteAccess (VPN):DOUBT

Subject: Re: [FW-1] XlateSrc, RemoteAccess (VPN):DOUBT
From: "Previtera, Sal" <Sal.Previtera AT WTH DOT ORG>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Fri, 24 Sep 2004 09:39:07 -0500
Hello,
Go into Global Properties and under VPN-1 you will see

"
NAT

To hide the IP address of hosts behind the VPN-1 Net Gateway, select Hide
all connections. If you would like to hide the addresses only for
non-encrypted connections, i.e. connections that do involve community
members, select Hide only Non-Encrypted connections.

An alternative way to define NAT is to define Network Objects for the
machines that lie behind the VPN-1 Net module and require NAT and then set
automatic NAT rules in the NAT page of the Network Objects. Manual NAT rules
are not supported in VPN-1 Net.

Copyright (c) Check Point Software

"





-----Original Message-----
From: Cassio David Pereira [mailto:cassio.pereira AT EDINFOR.COM DOT BR]
Sent: Friday, September 24, 2004 9:23 AM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: [FW-1] XlateSrc, RemoteAccess (VPN):DOUBT

Hi,

I am having a little problem with Remote Access (VPN).
I am using ipassignment.conf to assign a specific address to me when I get
a connection (vpn).
Everything is working very well, but always when I get a connection, the IP
assigned to me is translated to another.

The information is in the log below. Why is the IP translated (column
XlateSrc)?

Because of this, when I try to connect to any host where I opened access
like ssh to the IP assigned in ipassignment.conf, the logs of that machine show
me the XlateSrc.

The ipassignment.conf configuration:
wall        addr  192.168.1.15                        userxxx

External interface: eth4
Internal interface from the enforcement module: 172.16.30.70
My vpn network: 192.168.1.0/24
Appointed ip in ipassignment.conf: 192.168.1.15
Translated ip (xlatesrc): 192.168.1.1
My internal network: 172.16.40.0/24

Number:                 183151
Date:                   24Sep2004
Time:                   10:00:39
Product:                VPN-1 & FireWall-1
Interface:              eth4
Origin:                       wall 172.16.30.70
Type:                   Account
Action:                       Decrypt
Service:                nbname (137)
Source:                       192.168.1.15
Destination:                  serverxxx 172.16.40.56
Protocol:               udp
Rule:                   1
NAT rule number:        0
NAT additional rule number:   0
Source Port:                  nbname (137)
User:                   userxxx
Source Key ID:                0x73167b7f
Elapsed:                0:01:19
Bytes:                        9696
XlateSrc:               192.168.1.1
Client Inbound Bytes:         4896
Client Outbound Bytes:              4800
Server Inbound Bytes:               2700
Server Outbound Bytes:        2880
Client Inbound Packets:             30
Client Outbound Packets:      30
Server Inbound Packets:       30
Server Outbound Packets:      30
Encryption Scheme:                  IKE
VPN Peer Gateway:                   200-98-146-91.tlf.xxxxxx.com (200.98.146.91)
Encryption Methods:                 ESP: AES-256 + SHA1 + DEFLATE
Packets:                60
Start Time:             24Sep2004 10:00:39
Information:                  segment_time: 24Sep2004 10:00:39

Could somebody help me?

Regards,

Cassio

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
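
An added example, not part of either message and not Check Point code: it cross-checks the ipassignment.conf entry against the log record quoted above and reports which source address the destination host will record. The function names are hypothetical, the sample input is constructed from the values in the post, and the four-column "gateway addr ip user" layout is assumed from the single line shown.

```python
import ipaddress

# Constructed sample input, built from the values quoted in the post.
IPASSIGNMENT = "wall        addr  192.168.1.15                        userxxx\n"
LOG_RECORD = """\
Action:                       Decrypt
Source:                       192.168.1.15
Destination:                  serverxxx 172.16.40.56
NAT rule number:        0
User:                   userxxx
Elapsed:                0:01:19
XlateSrc:               192.168.1.1
VPN Peer Gateway:                   200-98-146-91.tlf.xxxxxx.com
(200.98.146.91)
"""

def parse_assignments(text):
    """Map user -> assigned IP (assumed layout: gateway, 'addr', ip, user)."""
    table = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[1] == "addr" and not line.startswith("#"):
            table[parts[3]] = ipaddress.ip_address(parts[2])
    return table

def parse_record(text):
    """Parse 'Field: value' lines; a line with no colon continues the previous field."""
    fields, last = {}, None
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # split on the first colon only
        if sep:
            last = key.strip()
            fields[last] = value.strip()
        elif line.strip() and last:
            fields[last] += " " + line.strip()
    return fields

def check_attribution(record, assignments, vpn_net):
    """Compare the assigned IP, the logged Source and the translated source."""
    user = record.get("User")
    src = ipaddress.ip_address(record["Source"].split()[-1])  # last token is the IP
    xlate = record.get("XlateSrc")
    seen = ipaddress.ip_address(xlate.split()[-1]) if xlate else src
    return {
        "user": user,
        "assigned_ip_used": assignments.get(user) == src,
        "source_translated": seen != src,
        "address_seen_by_destination": str(seen),
        "translated_inside_vpn_net": seen in ipaddress.ip_network(vpn_net),
    }

if __name__ == "__main__":
    rec = parse_record(LOG_RECORD)
    print(check_attribution(rec, parse_assignments(IPASSIGNMENT), "192.168.1.0/24"))
```

A result with source_translated set means host-side logs (such as sshd on the destination) carry the translated address, so per-user attribution has to come from the gateway log's User and Source fields instead.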

