Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] General Question on SecuRemote and SecureClient

To: [email protected]
Subject: Re: [FW-1] General Question on SecuRemote and SecureClient
From: Shawn Kearley <[email protected]>
Date: Mon, 11 Mar 2002 13:04:09 -0330
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

The problem I am considering is not an overlap between the Home Network and
the Corporate Network, The problem I am wondering about is when two remote
users with the same local IP address connect to the corporate network at the
same time, i.e.:

Home User 1
192.168.1.100 -----|
                   |-- Corporate Firewall --- Internal Network
(192.168.100.x)
Home User 2        |
192.168.1.100 -----|

Will there be a problem with this connection if IP Pool NAT is not used?

Shawn

-----Original Message-----
From: Don [mailto:[email protected]]
Sent: March 11, 2002 12:04 PM
To: [email protected]
Subject: Re: [FW-1] General Question on SecuRemote and SecureClient


> Over the weekend, I picked up for myself, a Linksis DSL router for home,
and
> when I was setting it up, I realized that using the defaults, as many
users
> would, anyone using one of these devices will be getting the same network,
> and potentially the same IP address on their home system.
>
> What I am wondering about, is will I have any problems if two users,
> establish a VPN connection to us, who are using the same internal IP
Address
> on their home system.  By not using IP Pool NAT, the IP Address used
within
> the corporate network, is the same address on the home system.  Will
> Checkpoint correctly route the traffic to the correct Remote PC, or will I
> likely run into difficulties.
>
> On a similar note, if I should enable IP Pool NAT to clear up the above
> issue, will I need to re-deploy a USERC.C file to the remote PCs or is
this
> totally internal to the Firewall box.  I am asking this because some of
our
> VPN users are remote vendors who were reluctant to use the software in the
> first place, and I don't want to inconvenience them further unless I have
> to.
IP NAT Pool will not fix this problem. You need to use different addresses
on your internal network or the home networks.

-don

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Follow-Ups:
- Re: [FW-1] General Question on SecuRemote and SecureClient
  - From: Don <[email protected]>
- Re: [FW-1] General Question on SecuRemote and SecureClient
  - From: Larry <[email protected]>

Prev by Date: Re: [FW-1] IPX with FW1
Next by Date: Re: [FW-1] Why would 'get interfaces' timeout?
Previous by thread: Re: [FW-1] General Question on SecuRemote and SecureClient
Next by thread: Re: [FW-1] General Question on SecuRemote and SecureClient
Index(es):
- Date
- Thread