[FW1] Encryption then NAT with FW1- Is this possible?
Hi guys,

I'm hoping someone on this list might have a definitive answer to this question, or better still, information on how to set this up.

What we are trying to do is encrypt outbound traffic on a FW1 firewall, using IPSEC and ISAKMP, and then NAT these encrypted packets at an outer router before sending them off, as in the diagram below:

      Customer LAN
  |-----------------|
           |
  FW1 (Tunnel Termination)
           |
           |
        Router
           |
       Internet
           |
   Cisco 7200 (NAT)
           |
          PIX
           |
  FW1 (Tunnel Initiation)
           |
  |-----------------|
        Our LAN

We know that this works with Router to PIX as we've already done this, but have been told that the FW1 VPN implementation will not be able to do this. We will not be able to terminate the tunnel on the PIX or 7200. If this isn't possible we will be required to include public addresses beyond the 7200, which we are reluctant to do.

Unfortunately we haven't been able to test this, but I can't see why it wouldn't work. I know Firewall 1 encrypts then NATs. All we seem to be doing is performing the NAT on a different box.

I would really appreciate your comments and thoughts,

Regards,
BS