Please refer to the following guides:
FireWall-1 Architecture and Administration
This book is the technical reference to FireWall-1 features, including
authentication and address translation. In addition, chapters on
troubleshooting and Frequently Asked Questions (FAQ) are included.
Virtual Private Networking with FireWall-1
This book describes how to establish a Virtual Private Network using
FireWall-1. Pages 73 - 102 (inclusive)
/cheers and jeers
/m
At 08:37 AM 7/19/00 -0700, [EMAIL PROTECTED] wrote:
>Mike,
>
>This is an interesting scenario. FW1 has the ability to set up multiple
>VPNs and not all of them need to be to secure remote clients. If the VPN
>is permanent you should be able to name it and assign specific rules to
>apply to it. If you put these before the remote client rules in theory
>you should be able to enforce two different filtering actions. I've
>never had occasion to do this so the following rule may apply.
>"In theory, theory is the same as practice. In practice, it seldom
>is." ;-] Best of luck
>
>-- Bill Stackpole, CISSP
>
>
>
>Mike Glassman - Admin <[EMAIL PROTECTED]>
>Sent by: [EMAIL PROTECTED]
>
>07/19/00 07:10 AM
>
> To: "'fw-1 listserv'"
> <[EMAIL PROTECTED]>, "'fw-gnac list'"
> <[EMAIL PROTECTED]>
> cc:
> Subject: VPN & NAT access on same server
>
>All,
>
>We have a specific scenario here where I am asked to allow access to a
>server (or servers), where some clients will have to use the SecuRemote
>(VPN) client, and some won't.
>
>Now as far as I understand it, once I have defined a server in the
>secured-servers list for access via the VPN, I will not be able to have a
>different access to the same server's NAT address, since the NAT address
>resolves to the internal address, which then requires that I have the VPN
>client.
>
>The reasoning behind this is as follows :
>
>We have certain clients, who are not part of our organisation, but who need
>access to certain systems/software on our internal servers.
>
>At the same time, we have clients who are a part of our organisation, who
>also need this access, but who we don't want to have the VPN client
>installed.
>
>As well as this, we have some systems which are accessible only through the
>firewall, even to clients on our internal network, on which we cannot
>install the VPN client for various reasons, and now we are required to allow
>external clients access to this system as well, but only over a secured
>(VPN) link (military site).
>
>Anyone have any insight as to whether I can double up like this ? As in,
>allow access to the same system to users with VPN, and users without ? And
>if so, how.
>
>Thanks,
>
>Mike Glassman
>System & Security Admin
>Israeli Airports Authority
>Ben-Gurion Airport
>http://www.ben-gurion-airport.co.il
>
>Tel : 972-3-9710785
>Fax : 972-3-9710939
>Email : [EMAIL PROTECTED]
>
>Usage of this email address or any email address at iaa.gov.il for the
>purpose of sales pitches, SPAM or any other such unwanted garbage, is
>illegal, and any person, whether corporate or alone doing so, will be
>prosecuted to the fullest possible extent.
>
>
>
>
>-
>[To unsubscribe, send mail to [EMAIL PROTECTED] with
>"unsubscribe firewalls" in the body of the message.]
>