[FW-1] Site2Site Tunnel with dynamic IP/DynDNS

Subject:	[FW-1] Site2Site Tunnel with dynamic IP/DynDNS
From:	Marcus Hess <marcus.hess AT PSB-GMBH DOT DE>
To:	FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date:	Mon, 26 Sep 2005 11:12:01 +0200

Hi there,

We have the following situation:
In a few weeks there will be a fair at which we will be present.
At the fair, we will have a ADSL Line which disconnects ever 24 hours and
gives a new IP.
The people at the fair need to access our network, which would not pose a
problem, as they could use a VPN client (SecureClient) for that.
The people here at home need to access the machines at the fair in case
anything goes wrong there. Some kind of service. The protocol that is used
to configure the machines (Step7, Siemens, RFC102) does not allow NAT. And
we have multiple of those machines. So I cannot use Port Forwarding from the
outside to the inside of the fair network.

I have a Draytek Vigor 2600 router here, which, normally, can establish a
Site2Site VPN Tunnel with a Checkpoint Firewall.
I also have a DynDNS entry which is updated from the router, so we always
know the current IP for the router.
But I failed to configure a Site2Site tunnel which has a DNS entry involved.
Checkpoint just seems to work with a fixed IP. I see some new options in R60
(which we upgraded to 2 weeks ago), which seem to point at the possibility
of dynamic tunnel endpoints working, but it does not accept any
configuration for which I set the IP of the Tunnel partner to dynamic or to
a DNS name, instead of a fixed IP.

So.. Are there any posibilities to configure site2site tunnels where one
side is a checkpoint firewall and the other one is a ipsec device on a
dynamic ip?

Best Regards,

psb GmbH


i.A.
Marcus Hess 

________________________________________________________
psb GmbH Materialfluss + Logistik
Blocksbergstrasse 145
D-66955 Pirmasens, Germany
Tel. +49 - (0) 63 31 / 7 17 - 0
Fax  +49 - (0) 63 31 / 7 17 - 1 99
Sitz und Registergericht / Located and registered: Pirmasens HRB 1055
USt-Ident-Nr. / VAT Registration no.: DE 811 343 849
Geschäftsführer / Managing Directors:
Dipl.-Ing. Robert Klein, Dipl.-Wirtsch.-Ing. Werner Klein
Allgemeine e-Mail-Adresse / General e-Mail address: info AT psb-gmbh DOT de
Internet-Adresse / Internet address: www.psb-gmbh.de 
________________________________________________________
Diese eMail ist nur nach Bestätigung durch psb per unterschriebenem Fax /
Brief rechtsverbindlich.
This email shall be considered as legally binding only after being confirmed
by signed fax / letter.


> -----Original Message-----
> From: Mailing list for discussion of Firewall-1 
> [mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf 
> Of Scheurer Rolf
> Sent: Monday, September 26, 2005 10:03 AM
> To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
> Subject: [FW-1] SecureClient and Outlook
> 
> 
> Hi,
> 
> We are running R55 with HFA_16.
> We've got problems with outlook over a secureclient VPN 
> connection. It drops some DCE-RPC packets by rule 998 (dummy 
> rule) which makes outlook loosing it's connection to the 
> exchange server. We are working quite a while on this problem 
> together with the support, but still no solution :(
> 
> - we allowed the service ALL_DCR_RPC on the connections
> - we set ALLOW_135 in dcerpc.def to 1
> - we disabled almost all checks of smartdefence
> 
> Is there anybody who made the same experience with outlook 
> and secureclient?
> 
> Thanks in advance,
> rolf
> 
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> in the BODY of the email add:
> set fw-1-mailinglist nomail 
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at 
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-owner AT ts.checkpoint DOT com 
> =================================================
> 

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================

<Prev in Thread]	Current Thread	[Next in Thread>
[FW-1] SecureClient and Outlook, Scheurer Rolf [FW-1] Site2Site Tunnel with dynamic IP/DynDNS, Marcus Hess <= [FW-1] Licensing!, Meyers, Duncan Re: [FW-1] Licensing!, Edward Luck [FW-1] ClusterXL NGX R60, Meyers, Duncan [FW-1] NGX (R60) in a production environment ?, no-need to-list [FW-1] Vedr.: [FW-1] NGX (R60) in a production environment ?, Lars Schmidt-Petersen Re: [FW-1] NGX (R60) in a production environment ?, Bill Mathews Re: [FW-1] NGX (R60) in a production environment ?, no-need to-list Re: [FW-1] NGX (R60) in a production environment ?, Bill Mathews

Previous by Date:	[FW-1] SecureClient and Outlook, Scheurer Rolf
Next by Date:	[FW-1] Problem with anti-spoofing, René Caspar
Previous by Thread:	[FW-1] SecureClient and Outlook, Scheurer Rolf
Next by Thread:	[FW-1] Licensing!, Meyers, Duncan
Indexes:	[Date] [Thread] [Top] [All Lists]