RE: [FW1] Home/Office NAT range conflicts




Thanks for the input.  Can you explain to me how to set up IP Pool
NAT?  I do NAT internal addresses via the Address Translation tab but
I'm not sure how to set this up for incoming SR connections.

Cheers, 

>As there are some replies with negative answers or administrative solution,
>I'd better mention that in FW-1 4.1 you can use IP Pool NAT feature to
>safely translate SR user connections. It's pretty easy and straightforward.
>Consider using it if you are not or if your FW is still 4.0 or earlier.
>
>HOWEVER, there is one restriction. You need to make sure that conflicting
>internal network does NOT go through the FW to reach other part of
>internal network. In other words, you'll not be able to implement DMZ. Or
>you need to have other internal measure to handle a connection from
>conflicting internal network to DMZ.
>
>Also, this solution will not work if home users are connecting to your own
>RAS. Remote users using unroutable address should be translated to different
>address before coming to the FW. This also requires UDP encapsulated IPSec.
>
>Lastly, I agree though that best practice is to enforce an administrative
>policy to restrict the IP address of home users. Isn't it much simpler?
>Then, it's better.
>
>Thanks,
>
>Sun Yu, CISSP
>Lucent Worldwide Services
>
>
>
>> -----Original Message-----
>> From: [email protected]
>> [mailto:[email protected]] On Behalf Of Jeff Newton
>> Sent: Tuesday, January 09, 2001 3:51 PM
>> To: [email protected]
>> Subject: [FW1] Home/Office NAT range conflicts
>>
>> I have users with private NAT ranges in their home networks accessing
>> the office via SecuRemote.  I see a potential problem of ip address
>> conflicts with the private ranges used in the office.
>>
>> Any suggestions for how to deal with this?  I shudder at the idea of
>> having to manage/allocate ranges for use in employees' home networks.
>>
>> Perhaps there is a way to NAT them on the way in?
>>
>> Cheers,
>>
>> ----
>> Jeff Newton
>>
>> ================================================================================
>>      To unsubscribe from this mailing list, please see the instructions at
>>                http://www.checkpoint.com/services/mailing.html
>> ================================================================================
>>

----
Jeff Newton
Security Analyst
PMC-Sierra Inc.



   All contents © 2004 Network Presence, LLC. All rights reserved.