Re: [FW-1] Another Office mode IP address question

Subject:	Re: [FW-1] Another Office mode IP address question
From:	Ramakrishnan Pillai <rpillai AT CHARLESTONCOUNTY DOT ORG>
To:	FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date:	Tue, 28 Feb 2006 11:07:21 -0500

I believe you should use a different subnet from what you have for office mode. 
 If you are using ipassignment.conf, you should use another subnet different 
from others.  This is required and will ease out routing issues.
 
Regards,
Ramakrishnan

>>> dstrom AT CIESIN.COLUMBIA DOT EDU 2/28/2006 9:54:17 AM >>>

We currently use SecuRemote in a limited way, because of the SR problem 
reported on this list where duplicate remote private IP address aren't 
handled.  (Boo, hiss!)

Since our Solaris servers use TCP wrappers to restrict access, we use IP 
Pool assignment on our NGX VPN-1 firewall to assign addresses from a 
range of IPs on our internal subnet.  I.e., suppose our LAN uses 
192.168.1.0/24 as the internal subnet, we allocate 10 IP numbers, say 
192.168.1.120 thru 192.168.1.129 for the IP pool, same subnetting as the 
rest of the LAN = 255.255.255.0.  Works fine for SR.  Note that with 
NGX, CP decided not to do auto-ARP again, so you have to do that manually.

Please bear with me, here's the question:  Can Office Mode IP address 
allocation work exactly the same way, using IP Pool style assignment, no 
DHCP server?  If so, how?   This would let us finally get some real use 
out of our VPN license since we have no use for site-to-site VPN.

Thanks.
--
David Strom

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================



=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================

<Prev in Thread]	Current Thread	[Next in Thread>
[FW-1] Another Office mode IP address question, David Strom Re: [FW-1] Another Office mode IP address question, Neil Kemp Re: [FW-1] Another Office mode IP address question, Ramakrishnan Pillai <=

Previous by Date:	Re: [FW-1] Another Office mode IP address question, Neil Kemp
Next by Date:	Re: [FW-1] R: [FW-1] Backup and Restore SmartCenter and Gateway R55, Fabio Maria Teti
Previous by Thread:	Re: [FW-1] Another Office mode IP address question, Neil Kemp
Next by Thread:	[FW-1] Checkpoint CLM and RSA SecurID Authentication (please help!!!), cisco4ng
Indexes:	[Date] [Thread] [Top] [All Lists]