Hi,
> WOW! (sorry, I'm a bit late to the discussion)
>
> Can somebody, ANYbody, confirm that Office Mode actually does
> solve the
> original poster's problem (of being to access the private lan via VPN
> from the Hotel in the following setup):
>
> Hotel Subnet A (192.168.1.xxx) --> internet --> FW --> Private
> Lan(192.168.1.xxx)
>
Yes, that is what Office Mode is designed to do. The client will
actually source the traffic (before encapsulation into the ESP packet)
from the Office-Mode "shim" NIC that has been assigned an address by the
firewall. It's very similar to the way the Cisco VPN Client works, if
you are familiar with that, just that Cisco doesn't call it "Office
Mode" :).
Read the docs on Office Mode. The IP Pool you use has to be routable to
the firewall by the internal servers, and must not be in the encryption
domain. You can do clever tricks with DHCP and assigning addresses
through it as well.
> We've been "just living with" the problem of traveling and being at a
> hotel that conicidentally uses the same subnet address as our private
> lan. Because SecuRemote thinks you're within the encryption
> domain, it
> doesn't encrypt or authenticate (and thus no VPN access).
No need to do that. Office Mode will solve that for you. So would Nokia
NSAS, but that's a different product :).
> Can somebody please confirm that they actually seen Office Mode solve
> this problem? If so, I'll be soooo totally thrilled and I'll be an
> instant hero,
Wow. I need to find me a work environment like that. Do you get to wear
a cape? ;)
(Capes are in Issue 2 - if you got that reference, and "TF" is a bad
word in your family, then I feel with you :))
Regards
Thorsten Behrens
Senior Security Engineer
CCMSE CCSE+ CCNA CNE
INTEGRALIS
Your Trusted Security Partner
111 Founders Plaza
13th Floor
East Hartford, CT 06108
USA
Tel: +1 860 291 0851 x 2244
Fax: +1 860 291 0847
thorsten.behrens AT integralis DOT com
www.integralis.com
Please note that:
1. This e-mail may constitute privileged information. If you are not the
intended recipient, you have received this confidential email and any
attachments transmitted with it in error and you must not disclose, copy,
circulate or in any other way use or rely on this information.
2. E-mails to and from the company are monitored for operational reasons and in
accordance with lawful business practices.
3. The contents of this email are those of the individual and do not
necessarily represent the views of the company.
4. The company does not conclude contracts by email and all negotiations are
subject to contract.
5. The company accepts no responsibility once an e-mail and any attachments is
sent.
http://www.integralis.com
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
