RE: [FW1] IP pools
Does this apply even where VPN for Internal networks is not NAT'd?
Also - is this just a 4.1 thing?

TIA

Tim Higgins


Dan Hitchcock <[email protected]>
Sent by: [email protected]
21/09/00 18:20

To: "'Jason Witty'" <[email protected]>, [email protected]
cc: [email protected]
Subject: RE: [FW1] IP pools

Well said. I am currently using IP Pool NAT for SecuRemote to allow a smooth migration from our current *blessed* firewall to FW1. Works like a charm - both old VPN clients and SecuRemote clients get connectivity, NT domain logon, etc. Very fun.

Dan Hitchcock
CCNA, MCSE
Network Engineer
Xylo, Inc. (formerly employeesavings.com)
The work/life solution for corporate thought leaders

-----Original Message-----
From: Jason Witty [mailto:[email protected]]
Sent: Thursday, September 21, 2000 9:45 AM
To: [email protected]
Cc: [email protected]
Subject: Re: [FW1] IP pools

I can't really point you to any docs, other than the 4.1 VPN manuals, but basically, there are several reasons for using that feature. Most of the reasons deal with routing.

For example, let's say your company has multiple Internet connections, in multiple locations, with a shared internal WAN between the locations. If a VPN user came into the network via location1's firewall, and you did NOT do an internal NAT pool, when they tried to access resources in location 2's network, the return packets would go out through location 2's firewall. Since that firewall wouldn't have known about the traffic, it would then be dropped, and hence the VPN would not fully work.

Whew... Did that make any sense? If not, let me know and I'll clarify, but the basic idea is that you assign your VPN users a 10-dot (or whatever) tunnel address so that your route back can take a specific route and NOT a default route....

Hope this helps.

Jason

[email protected] wrote:
>
> Can someone please point me to a resource which explains exactly what IP
> Pools are needed for. I know I have to use them if I am trying to do
> VPN/Securemote stuff between two sites which are both using say a 10.x.x.x
> network and NAT'ing. But I am not clear why? I have read the CP
> documentation.
> Thanx
> Paul
> --------------------------------------------------------------------------------
>
> C. Paul Simons
> Corporate Network Services
> IHS Energy Group, Englewood, CO.
>
> ================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ================================================================================
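
The routing problem Jason describes, modelled as an added example (not part of the original thread and not Check Point code): two stateful firewalls and location 2's routing table, showing which firewall receives the server's reply with and without an IP pool. The pool range 10.250.0.0/24, the client and server addresses, and the names fw1/fw2 are all assumptions made up for the illustration.

```python
import ipaddress

# All addresses and names below are constructed for illustration.
POOL = ipaddress.ip_network("10.250.0.0/24")      # assumed IP pool owned by fw1

# Location 2's internal routing table: (prefix, firewall the traffic is sent to).
SITE2_ROUTES = [
    (ipaddress.ip_network("0.0.0.0/0"), "fw2"),   # default route: local Internet link
    (POOL, "fw1"),                                # specific route: back across the WAN
]

class Firewall:
    def __init__(self, name, pool=None):
        self.name = name
        self.pool = iter(pool.hosts()) if pool else None
        self.state = set()   # (client-side address, server address) seen inbound

    def decrypt_inbound(self, client_ip, server_ip):
        """Accept a VPN packet; translate the source to a pool address if one is set."""
        src = next(self.pool) if self.pool else ipaddress.ip_address(client_ip)
        self.state.add((src, ipaddress.ip_address(server_ip)))
        return src

    def handle_reply(self, server_ip, dst):
        """Stateful check: only replies belonging to a known connection pass."""
        key = (ipaddress.ip_address(dst), ipaddress.ip_address(server_ip))
        return key in self.state

def next_hop(dst, routes):
    """Longest-prefix match over the routing table."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in routes if dst in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def simulate(use_pool):
    """Return (source address the server sees, firewall taking the reply, delivered?)."""
    fws = {"fw1": Firewall("fw1", POOL if use_pool else None),
           "fw2": Firewall("fw2")}
    client, server = "203.0.113.7", "10.2.0.20"   # VPN user enters via fw1
    seen_src = fws["fw1"].decrypt_inbound(client, server)
    exit_fw = next_hop(seen_src, SITE2_ROUTES)    # where location 2 sends the reply
    delivered = fws[exit_fw].handle_reply(server, seen_src)
    return str(seen_src), exit_fw, delivered

if __name__ == "__main__":
    for use_pool in (False, True):
        print("pool NAT" if use_pool else "no pool ", simulate(use_pool))
```

Without the pool, the reply to the client's public address follows the default route to fw2, which has no state for the connection; with the pool, the reply matches the specific route and returns to fw1.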