We currently use SecuRemote in a limited way, because of the SR problem
reported on this list where duplicate remote private IP address aren't
handled. (Boo, hiss!)
Since our Solaris servers use TCP wrappers to restrict access, we use IP
Pool assignment on our NGX VPN-1 firewall to assign addresses from a
range of IPs on our internal subnet. I.e., suppose our LAN uses
192.168.1.0/24 as the internal subnet, we allocate 10 IP numbers, say
192.168.1.120 thru 192.168.1.129 for the IP pool, same subnetting as the
rest of the LAN = 255.255.255.0. Works fine for SR. Note that with
NGX, CP decided not to do auto-ARP again, so you have to do that manually.
Please bear with me, here's the question: Can Office Mode IP address
allocation work exactly the same way, using IP Pool style assignment, no
DHCP server? If so, how? This would let us finally get some real use
out of our VPN license since we have no use for site-to-site VPN.
Thanks.
--
David Strom
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
