
[FW-1] VPN and NAT question



Hello All,

I have a question regarding VPN.

My architecture is as shown below.

Internet
 |
 |
 |
 |
 |(210.x.x.1 =external interface)
FireWall-1 -------------------------------WebServer<DMZ>
 |(172.16.0.1/16 =DMZ interface)        (172.16.0.3/16, Valid IP=210.x.x.10)
 |
 |
 |
 |
LocalNetwork(192.168.1.0/24)


The WebServer's private IP address is 172.16.0.3, which is statically NATed to 210.x.x.10.
LocalNetwork (192.168.1.0/24) and DMZ (172.16.0.0/16) are defined as the encryption
domain behind FireWall-1.
Please note that the valid IP address for the WebServer (210.x.x.10) is NOT
included in the encryption domain behind FireWall-1, only its private IP address (172.16.0.3/16).
Some users on the Internet try to connect to the above WebServer over VPN.
In this case, do I need to include the NATed IP address in
the encryption domain behind FireWall-1?

Any advice would be greatly appreciated!

Seigo Usui
