| |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[FW1] Encryption then NAT with FW1- Is this possible?
Hi guys,
I'm hoping someone on this list might have a definitive answer to
this question, or better still,
information on how to set this up.
What we are trying to do is encrypt outbound traffic on a FW1
firewall, using IPSEC and ISAKMP, and then NAT these encrypted
packets at an outer router before sending them off, as in the diagram
below:
Customer LAN
|-----------------|
|
FW1 (Tunnel Termination)
|
|
Router
|
Internet
|
Cisco 7200 (NAT)
|
PIX
|
FW1 (Tunnel Initiation)
|
|-----------------|
Our LAN
We know that this works with Router to PIX as we've already this, but
have been told that the FW1 VPN implementation will not be able to do
this.
We will not be able to terminate the tunnel on the PIX or 7200. If
this isn't possible we will be required to include public addresses
beyond the 7200 which we are reluctant to do. Unfortunately we
haven't been able to test this, but I can't see why it wouldn't work.
I know Firewall 1 encrypts then NAT's. All we seem to be doing is
performing the NAT on a different box.
I would really appreciate you comments and thoughts,
Regards,
BS
_____________________________________
Get your free E-mail at http://www.ireland.com
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
|
|
