[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[FW-1] VPN and NAT question
Hello All,
I have a question regarding VPN.
My architecture is as shown below.
Inernet
|
|
|
|
|(210.x.x.1 =external interface)
FireWall-1 -------------------------------WebServer<DMZ>
|(172.16.0.1/16 =DMZ interface) (172.16.0.3/16, Valid IP=210.x.x.10)
|
|
|
|
LocalNetwork(192.168.1.0/24)
WebServer's private IP address is 172.16.0.3, which is nated statically to 210.x.x.10.
LocalNetwork(192.168.1.0/24) and DMZ(172.16.0.0/16) is being defined as an encryption
domain behind FireWall-1.
Please notice that a Valid IP address for Webserver(210.x.x.10) is NOT being
included in the encryption domain behind FireWall-1,but just a private IP address(172.16.0.3/16).
Some users from Internet tries to connect to the above WebServer with VPN.
In this case, do I need to include Nated IP address into
an encryption domain behind FireWall-1 ?
Any advice would be greatly appreciated !
Seigo Usui
=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================