Re: [FW-1] NAT Rule over IPSEC Tunnel

Subject:	Re: [FW-1] NAT Rule over IPSEC Tunnel
From:	Allen Bass <ABass AT WILLOWCSN DOT COM>
To:	FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date:	Tue, 18 Jul 2006 16:43:05 -0400

Sean,
>From what I am reading the simple way would be to on your firewall
Address Translation do a manual nat.

Address translation tab

original
Source=vendor ip coming inbound
Destination=servernode (node with made up ip address vendor will target)
Service=any

Translated
Source=original
Destination=realserverip (node with real ip address of server)
Service=any

Basically packets from vendor sourcing from Vendor IP looking for
servernode will be translated to your correct inside address.

Try that 
Allen




Source=Vendor IP coming in.
Destination 

-----Original Message-----
From: Sean Donaghey/HDGH [mailto:Sean.Donaghey AT HDGH DOT ORG] 
Sent: Tuesday, July 18, 2006 3:55 PM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: [FW-1] NAT Rule over IPSEC Tunnel

I have an IPSEC tunnel between us and a vendor, and the vendor needs to
get to a couple of servers, but the IP's of these server conflicts with
something on their end.  They have asked me to NAT these servers to 2
other IP's.  I have never Done this, and I am unsure on how to format
the NAT rules.  The IP on my internal network is 10.10.10.13, and they
want it natted to 10.77.130.140.

Can someone please give me an idea on how to do this.

Thanks,.

Sean



The information contained in this e-mail message is confidential and
protected by law.  The information is intended only for the person or
organization addressed in this e-mail.  If you share or copy the
information you may be breaking the law.  If you have received this
e-mail by mistake, please notify the sender of the e-mail by the
telephone number listed on this e-mail.  Please destroy the original; do
not e-mail back the information or keep the original.

=================================================
To set vacation, Out-Of-Office, or away messages, send an email to
LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options,
email fw-1-owner AT ts.checkpoint DOT com
=================================================

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================

<Prev in Thread]	Current Thread	[Next in Thread>
[FW-1] NAT Rule over IPSEC Tunnel, Sean Donaghey/HDGH Re: [FW-1] NAT Rule over IPSEC Tunnel, Allen Bass <= Re: [FW-1] NAT Rule over IPSEC Tunnel, Neil Kemp Re: [FW-1] NAT Rule over IPSEC Tunnel, cisco4ng [FW-1] Connectra secure WorkSpace, Andrej Skamen Re: [FW-1] Connectra secure WorkSpace, Reinhard Stich Re: [FW-1] NAT Rule over IPSEC Tunnel, Andrej Skamen

Previous by Date:	[FW-1] problem with backup command on NGX, Robert
Next by Date:	[FW-1] ConnectControl, Alvaro Gastambide
Previous by Thread:	[FW-1] NAT Rule over IPSEC Tunnel, Sean Donaghey/HDGH
Next by Thread:	Re: [FW-1] NAT Rule over IPSEC Tunnel, Neil Kemp
Indexes:	[Date] [Thread] [Top] [All Lists]