Greetings,
I have a major VPN issue here in CA:
a) SecuRemote users in CA are able to read mail,
access the Net, in short do everything as a non-VPN user
here.
b) SecuRemote users in CA are unable to access our
parent company's intranet resources in Atlanta. For
example: accessing an internal web server which has a
10.x address. There is no FW between us.
I opened a ticket with the Check Point reseller and the
conclusion is:
a) Since SecuRemote users have a valid IP from the ISP
and since we do NOT do NAT, the packet does reach the
internal web server, but doesn't know how to come
back.
My question is:
a) How do I do a source NAT "only on the VPN packets"
so that it changes from a legal IP to an illegal 10.x
address?
We use the latest version of Check Point & VPN (4.x).
Currently the rule for VPN users is:
Source -> allusers@any
Destination -> Internal networks
Service -> Any
Action -> Client encryption
Encryption domain -> Internal networks
I have included the web server's address as part of
the encryption domain.
We use FWZ and ISAKMP for encryption and RADIUS for
authentication.
I will appreciate it if anyone gives me a quick solution, as
it is snowballing into a major issue.
Raghu
CA