
RE: [FW1] IPSEC with same LAN ip ranges.




This won't work at all. This is completely against the design of SecuRemote.


SR will encrypt and send to the appropriate gateway when it sees a packet
destined for a remote network. However, since the destination network is the
same as what the LAN card is, SR will never kick in and encrypt. The whole
time, your NIC is ARP'ing for your remote server, since the client thinks
that it's local to itself.

HTH,

Dave O.

-----Original Message-----
From: [email protected] [mailto:[email protected]]
Sent: Wednesday, January 17, 2001 6:38 AM
To: [email protected]; [email protected]
Subject: RE: [FW1] IPSEC with same LAN ip ranges.



If this is the case you must NAT twice, once on the outgoing router and then
again on the firewall so that the source and destination networks are not
the same. Or re-address one of the LANs (a bit of subnetting perhaps).


Andrew Shore
BTcd 
Information Systems Engineering
Internet & Multimedia 


-----Original Message-----
From: LOLLIKE,THOMAS (HP-Denmark,ex1) [mailto:[email protected]]
Sent: 17 January 2001 08:55
To: [email protected]
Subject: [FW1] IPSEC with same LAN ip ranges.



Dear all

If you are running FW-1 sp3 and SecuRemote build 4174, and are using IPSEC
encapsulated in UDP, it works fine with NAT, but not if the local LAN uses
the same private network as behind the firewall. Does anyone know if a case
like this can work?

SecureClient on LAN 10.1.1.0/24 - NAT router - public IP - CP 4.1 sp3 - LAN
10.1.1.0/24. 

Best Regards

Thomas Lollike
mailto:[email protected]
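
The behaviour described in the first reply of this thread, as a simplified model (an added example, not Check Point code and not posted by any participant): a destination covered by a directly connected network is resolved by ARP on the LAN, so the client never gets to encrypt it. The function names, the server address 10.1.1.20, the re-addressed LAN 10.1.2.0/24 and the 10.1.0.0/16 pool are assumptions made for illustration.

```python
import ipaddress

def nets(cidrs):
    """Parse a list of CIDR strings into network objects."""
    return [ipaddress.ip_network(c) for c in cidrs]

def find_overlaps(local_cidrs, domain_cidrs):
    """Return (local, remote) pairs whose address ranges collide."""
    return [(str(l), str(r))
            for l in nets(local_cidrs)
            for r in nets(domain_cidrs)
            if l.overlaps(r)]

def client_decision(dst, local_cidrs, domain_cidrs):
    """Simplified model of the client host's choice for one destination.

    A directly connected network wins first: the host ARPs on the LAN and
    the packet never reaches the VPN client's encryption step.
    """
    ip = ipaddress.ip_address(dst)
    if any(ip in n for n in nets(local_cidrs)):
        return "arp-on-local-lan"
    if any(ip in n for n in nets(domain_cidrs)):
        return "encrypt-to-gateway"
    return "send-in-clear"

def first_free_subnet(pool_cidr, prefixlen, used_cidrs):
    """Pick the first subnet in the pool that collides with nothing in use,
    as a candidate when one of the LANs is re-addressed."""
    used = nets(used_cidrs)
    for cand in ipaddress.ip_network(pool_cidr).subnets(new_prefix=prefixlen):
        if not any(cand.overlaps(u) for u in used):
            return str(cand)
    return None

if __name__ == "__main__":
    client_lan = ["10.1.1.0/24"]   # from the original post
    enc_domain = ["10.1.1.0/24"]   # LAN behind the firewall, from the post
    server = "10.1.1.20"           # constructed sample address
    print(find_overlaps(client_lan, enc_domain))
    print(client_decision(server, client_lan, enc_domain))
    # After re-addressing the client LAN (constructed value):
    print(client_decision(server, ["10.1.2.0/24"], enc_domain))
    print(first_free_subnet("10.1.0.0/16", 24, client_lan + enc_domain))
```
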


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

