If I am reading this right, the biggest problem I see with your scenario is the fact that every VM has its own IP on the network. This means that logically they are directly connected to the network and will not pass through the host machine to contact the office network. They would in essence need an instance of SecureClient on each VM.
One thing you could try doing is using NAT in the VM for accessing the network, then (I think) all the traffic will go through the host computer's network interface - and on into the VPN. The problem with this may be there is a requirement that each VM use a local address, then you are stuck.
If you cannot get this to work, you could use a Sofaware box if you do not want to centrally manage the user's home network, or a VPN-1 Edge if you want to centrally manage them. Make sure you NAT the internal networks behind the external interface at the remote end, otherwise the traffic will never enter the VPN.
Christopher Hoff
-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of Jaja Banks
Sent: Wednesday, November 29, 2006 4:25 PM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: [FW-1] Office Mode and Vmware machines with local IP addresses
Hi everyone,
I have an unusual setup in one of our branch offices, and I can't figure out
whether Check Point's VPN gateway will work for me.
The entire office is NAT'ed behind a local Linux Firewall right now
(192.168.x.x).
There are multiple servers internally that all have local IP addresses
(192.168.x.x).
Engineers that work in this office have laptops with local addresses, at
home they either use the same addresses, or wireless (non-conflicting
addresses).
Each engineer has Vmware machines on their laptops, all of which also have
addresses in the local range (192.168.x.x) so that when they're in the
office, everything works well.
What I want to happen - I'd like to use SecureClient on the laptops, and
have the engineers connect from home (VPN) to the Firewall, and then use
their VMware machines to access internal resources (like CVS servers, FTP
servers, etc). I want to avoid forcing the engineers to change networks in
their VMware machines every time they come home...
My questions:
1. Does Office Mode support this configuration? Will I need some more
tweaking with the local IP ranges?
2. If the answer to (1) is yes - what is the "smallest" Check Point VPN
device that will support this? (Sofaware, VPN-1 edge, or full blown VPN-1?)
3. If the answer to (1) is no - what should I change on this LAN in order to
make it work both in and out of the office with the VMware machines, with
Office Mode?
Thanks in advance...
Yossi
<FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM>
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================