
Virus.Org Mailing List Archive




[FW-1] vpn behind nat?

  • To: [EMAIL PROTECTED]
  • Subject: [FW-1] vpn behind nat?
  • From: Jose Garcia <[EMAIL PROTECTED]>
  • Date: Fri, 1 Aug 2003 10:51:34 +0200
  • In-reply-to: <[EMAIL PROTECTED]>
  • Reply-to: Mailing list for discussion of Firewall-1 <[EMAIL PROTECTED]>
  • Sender: Mailing list for discussion of Firewall-1 <[EMAIL PROTECTED]>
Hi Matt,
I didn't find any reference to a "resolve_interface_ranges_nated_gw"
property in Smartdashboard...can you provide more info on this?

However, I came across KB article sk11682 which seems to be the only one
addressing specifically this issue.
I guess that you may want to give it a try (provided it still applies to
AI...and you can translate it -:)
I will be glad to know the results!

Jose.

Jose Garcia
Technical Network Consultant
CSS N.V.
Tel: +32 475 66.04.05
Fax: +32 2 718.52.20
Email: [EMAIL PROTECTED]


> ------------------------------
>
> Date:    Thu, 31 Jul 2003 10:55:29 -0500
> From:    Matt Kehler <[EMAIL PROTECTED]>
> Subject: Re: Subject: vpn behind nat?
>
> Is there another option instead of doing the search and replace in
> userc.c?    If I flip the resolve_interface_ranges_nated_gw value by
> using SmartDashboard in AI...will this basically allow it to work?
>
> Or is that my only option?
>
>
> thx
> Matt
>
> >>> [EMAIL PROTECTED] 07/30/03 12:28PM >>>
> The following needs to be "port translated" from the external natting
> router, indeed to the external ip of the firewall.
> 500 udp&tcp
> 2746 udp
> 50 ip (esp)
> 264 tcp (topo download)
> if using Secureclient & Office mode, also 18231 tcp & 18233, 18234 udp
>
> Be advised that the SR clients will download a useless topology, since the
> external ip of the FW is non routable. Basically, you will need to do a
> search and replace in userc.c file, and replace any occurrence of the FW
> external ip by the real public ip.
>
>
> Jose Garcia
> Technical Network Consultant
> CSS N.V.
> Tel: +32 475 66.04.05
> Fax: +32 2 718.52.20
> Email: [EMAIL PROTECTED]
>
>
> >Date:    Tue, 29 Jul 2003 15:40:16 -0500
> >From:    Matt Kehler <[EMAIL PROTECTED]>
> >Subject: vpn behind nat?
>
> >I want to create a (client to site) VPN terminating on NG AI, but the
> >firewall does NOT have a public routable IP available. I am under the
> >impression that I can NAT one of my public IP address *to* the firewall.
> >If this is correct; what ports do I need to NAT over?
>
> >thx
> >Matt
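
The forwards listed in the quoted 30 July message, written out as destination-NAT rules. This is an added example, not part of the original thread: it assumes the natting router is a Linux host using iptables, and both addresses are constructed placeholders. Because ESP is an IP protocol with no port numbers, it is forwarded by protocol match rather than by port.

```shell
#!/bin/sh
# Added example: print iptables DNAT rules for the forwards listed in the thread.
# Assumptions (not from the thread): Linux router with iptables; the two
# addresses below are constructed placeholders from documentation/private ranges.
PUBLIC_IP="${PUBLIC_IP:-203.0.113.10}"   # constructed: public IP held by the router
FW_IP="${FW_IP:-192.168.1.2}"            # constructed: firewall's non-routable external IP

# Protocol:port pairs exactly as listed in the thread.
BASE_FORWARDS="udp:500 tcp:500 udp:2746 tcp:264"
OFFICE_MODE_FORWARDS="tcp:18231 udp:18233 udp:18234"

# Prints the rules only; nothing is applied to the running system.
# $1 = "yes" to include the SecureClient / Office Mode ports.
emit_vpn_dnat_rules() {
    forwards="$BASE_FORWARDS"
    if [ "$1" = "yes" ]; then
        forwards="$forwards $OFFICE_MODE_FORWARDS"
    fi

    for pair in $forwards; do
        proto="${pair%%:*}"
        port="${pair##*:}"
        printf 'iptables -t nat -A PREROUTING -d %s -p %s --dport %s -j DNAT --to-destination %s\n' \
            "$PUBLIC_IP" "$proto" "$port" "$FW_IP"
    done

    # ESP (IP protocol 50) has no ports: match on protocol alone, no --dport.
    printf 'iptables -t nat -A PREROUTING -d %s -p esp -j DNAT --to-destination %s\n' \
        "$PUBLIC_IP" "$FW_IP"
}

# Print the full rule set for review before loading it anywhere.
emit_vpn_dnat_rules yes
```

The rules cover destination translation only; the router's forwarding policy still has to permit the same traffic towards the firewall.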


 