Firewall-1

Re: [FW-1] SecureClient R55 as "router"

Subject: Re: [FW-1] SecureClient R55 as "router"
From: "Kim, Cameron" <CKim AT MDEA DOT COM>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Wed, 24 Nov 2004 09:37:10 -0800

Here are my thoughts.

A) Split tunneling is disabled (in this case all traffic is destined down the 
VPN tunnel). This is specifically designed to prevent your type of scenario 
and/or other attack vectors brought on by trojans, viruses, rootkits, etc. 
Usually modification of routes will automatically drop the connection.

B) Even if split tunneling is enabled (allowing you to connect to corporate 
while using the other line for internet), this "other" network will need to be 
defined as a network on the VPN endpoint; otherwise, at best, anti-spoofing 
rules will drop the packets. At worst, the firewall will route the packet to 
the destination and then back out to wherever its default route is assigned. 
You would really have to NAT the traffic to whatever IP is provided by the VPN 
server for traffic to flow.

I don't know if this is a cost-saving measure into establishing a Site to Site 
VPN back to corporate. I am not even sure if SecureClient will work with Win2k 
server. I understand there is a scaled-down version of Check Point that allows 
you just to use the site to site VPN piece instead of paying for the usual 
Check Point FW-1 license. That would really make more sense.

Cameron Kim

-----Original Message-----
From: Bona Gianluca [mailto:Bona.Gianluca AT ASF.ANSALDO DOT IT]
Sent: Wednesday, November 24, 2004 8:00 AM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: [FW-1] SecureClient R55 as "router"

Hi to everyone!
Has anyone of you ever tried to configure a PC with SecureClient as a router, in 
order to route packets coming from/to another network attached to its second 
ethernet through the VPN (by its primary ethernet card)?
Obviously FW1 always assigns the same IP address to the client, associated with 
the same user, in Office Mode, and the PC is a W2000 server with 2 ethernet 
cards and routing enabled.

Thanks in advance!!

Gianluca

«The information contained in this e-mail is intended only for the individual 
or entity to whom it is addressed. Its contents (including any
attachments) are confidential and privileged: if you are not an intended 
recipient you must not use, disclose, disseminate, copy or print its contents; 
If you have received this email by mistake please notify us by emailing the 
sender, and then delete and destroy the email and any copies from your system»
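
Point B of the reply above, as an added example that is not part of the original thread and not Check Point's implementation: a simplified model of the gateway's anti-spoofing check and return-route lookup for traffic arriving through a client tunnel. All addresses, route names and function names are constructed assumptions.

```python
import ipaddress

# Constructed sample values (assumptions, not taken from the thread).
OFFICE_MODE_IP = ipaddress.ip_address("10.99.0.25")   # IP the gateway assigns the client
BEHIND_CLIENT = ipaddress.ip_network("192.168.50.0/24")  # LAN on the client's second NIC
# Networks the gateway considers valid sources for this tunnel: only the client.
TUNNEL_NETS = [ipaddress.ip_network(f"{OFFICE_MODE_IP}/32")]
# Simplified gateway routing table: (prefix, outgoing path).
ROUTES = [
    (ipaddress.ip_network("0.0.0.0/0"), "external-default"),
    (ipaddress.ip_network("10.1.0.0/16"), "internal-lan"),
    (ipaddress.ip_network("10.99.0.25/32"), "vpn-tunnel"),
]

def client_forward(src, nat):
    """Source address the gateway sees after the client PC forwards a packet."""
    src = ipaddress.ip_address(src)
    # With NAT, hosts behind the client are hidden behind the Office Mode IP.
    return OFFICE_MODE_IP if nat and src in BEHIND_CLIENT else src

def antispoof_ok(src, tunnel_nets=TUNNEL_NETS):
    """Accept a decrypted packet only if its source is defined for the tunnel."""
    return any(src in net for net in tunnel_nets)

def return_route(dst, routes=ROUTES):
    """Longest-prefix match: the path the gateway uses for the reply."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, path) for net, path in routes if dst in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def evaluate(src, nat):
    """Return (verdict, reply_path) for a packet from `src` sent via the client."""
    seen = client_forward(src, nat)
    if not antispoof_ok(seen):
        return ("drop: anti-spoofing", None)
    return ("accept", return_route(seen))

if __name__ == "__main__":
    print("routed, no NAT :", evaluate("192.168.50.10", nat=False))
    print("routed, NATed  :", evaluate("192.168.50.10", nat=True))
    # "At worst" case: without the anti-spoofing drop, replies to the
    # undefined network follow the default route, not the tunnel.
    print("reply path     :", return_route("192.168.50.10"))
```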

=================================================
To set vacation, Out-Of-Office, or away messages, send an email to LISTSERV AT 
amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options, email 
fw-1-owner AT ts.checkpoint DOT com 
=================================================
