[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW1] VPN with invalid IP addresses
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Does anyone know how I can set up a VPN from an Internet address, through to an internal (RFC1918) address through a firewall using proxy arp? The set up is as such: Internet Client (valid IP address) | | |210.x.y.z Firewall A (FW-1 4.1 SP1) |a.b.c.3 | | Internal Network (valid addresses a.b.0.0/16) | | |192.168.f.g Firewall B (RFC1918 address) | | | Secured Internal Network (RFC1918 addresses) A router between the Internal network and Firewall B carries IP from the valid internal network to the RFC1918 address range secured network. I don't have control of the Secured Internal Network's IP range. I was hoping to be able to get clients on the Internet to use 210.x.y.w, which would be proxy arp'd for 210.x.y.z, and then NAT 210.x.y.w to 192.168.f.g - but it doesn't seem to want to work. Any ideas - what have I done wrong or assumed that doesn't work? Kind Regards, Craig Little BSc, CPD, CPI, SCJP, CCSA, CCSE Inter-Networking / Security Consultant Shell Services International Phone: +64 4 462 4661 Fax: +64 4 463 4060 Mobile: +64 21 37 5858 PGP Fingerprint F3CE 6EB2 6B1A 10EA E355 A157 8012 D53A 6AE5 962F mailto:[email protected] http://www.shellservices.com By default attachments are compressed in WinZip format. If you cannot read them, please contact you Help Desk to have the WinZip utility installed. WinZip can be downloaded for free at http://www.winzip.com. This e-mail message and attachments are confidential between the intended parties and may be subject to legal privilege. If you have received this e-mail in error, please advise the sender immediately and destroy the message and any attachments. If you are not the intended recipient you are notified that any use, distribution, amendment, copying or any action taken or omitted to be taken in reliance of this message or attachments is prohibited. -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com> iQA/AwUBOb0DFoAS1Tpq5ZYvEQLKwgCeNqog3vkHT/q1gQeacWCRRudif4YAoMpW LIhnCBYpvgL8eMS9424CoW+H =dPai -----END PGP SIGNATURE----- ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|