Firewall-1
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [FW-1] Another.....Another..... Another NAT question (SecuRemote)

from Ray [Permanent Link]
Subject: Re: [FW-1] Another.....Another..... Another NAT question (SecuRemote)
From: Ray <sixsigma44 AT HOTMAIL DOT COM>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Fri, 24 Sep 2004 20:26:24 -0400 
You actually can use any IP range you want for the Office Mode IP Pool as
long as it's routable from any internal location to the internal interface
of the gateway. A simple traceroute will confirm your routing. The Office
Mode IPs are never exposed on the Internet.

Since NG AI, you can have the Office Mode IP Pool in your encryption domain.
We do. It allows SecureClient-to-SecureClient connections (think VoIP or
NetMeeting).

Ray


From: Jean-Francois Gobin <gobin AT GOBINJF DOT BE>
Reply-To: Mailing list for discussion of Firewall-1
<FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: Re: [FW-1] Another.....Another..... Another NAT question
(SecuRemote)
Date: Fri, 24 Sep 2004 20:54:06 +0200

Yes, it can solve it. Just allocate a small part of the 192.168.1.x (for
ex. 150->160) and exclude it from the DHCP or from the static addressing,
and just set up arp proxy in the FW for those IP.

JF

On Fri, 24 Sep 2004, Peter G. Viscarola wrote:



Another advantage of SecureClient is that it has Office Mode,
where you can assign a specific network to remote users.



WOW!  (sorry, I'm a bit late to the discussion)

Can somebody, ANYbody, confirm that Office Mode actually does solve the
original poster's problem (of being to access the private lan via VPN
from the Hotel in the following setup):

Hotel Subnet A (192.168.1.xxx) --> internet --> FW --> Private
Lan(192.168.1.xxx)

We've been "just living with" the problem of traveling and being at a
hotel that conicidentally uses the same subnet address as our private
lan.  Because SecuRemote thinks you're within the encryption domain, it
doesn't encrypt or authenticate (and thus no VPN access).

We've just upgraded from V4.1 to NG AI R55, and I've got our users still
on Secure Remote for now.  I've gotten Secure Client running with Office
Mode and Visitor Mode (and all the other attendant goodies like IP
compression) running for test purposes... But didn't realize it would
solve the above problem.

Can somebody please confirm that they actually seen Office Mode solve
this problem?  If so, I'll be soooo totally thrilled and I'll be an
instant hero,

Peter
OSR

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================



----------
Jean-Francois Gobin - Administrateur gobinjf.be
http://www.gobinjf.be   mailto:gobin AT gobinjf DOT be

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================


_________________________________________________________________
Is your PC infected? Get a FREE online computer virus scan from McAfee®
Security. http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [FW-1] Another.....Another..... Another NAT question (SecuRemote), Jeremy Lieb
Next by Date:  Re: [FW-1] Citrix through Edge VPN, Ray
Previous by Thread:  Re: [FW-1] Another.....Another..... Another NAT question (SecuRemote), Jeremy Lieb
Next by Thread:  Re: [FW-1] Another.....Another..... Another NAT question (SecuRemote), Ray
Indexes:  [Date] [Thread] [Top] [All Lists]