Yes you have to have the same Global Properties, but they are configured in the NAT tab (assuming you are using some version of NG). Something I failed to mention before is you should use an IP Pool that is not within your encryption domain (or LAN). This will help to eliminate routing issues, and you will not have to add ARP entries for each individual IP address within the IP Pool range. Also, when using Office Mode in NG, in order to get the IP address, you will need to use connect mode on the remote user's SecureClient.
-----Original Message----- From: Phillip BLATZHEIM [mailto:[EMAIL PROTECTED] Sent: Wednesday, December 03, 2003 2:25 PM To: [EMAIL PROTECTED] Subject: Re: [FW-1] VPN and DHCP Chris, Would you recommend the same Global Properties setting for Office Mode with IP Pool address Assignments? Thanks, Phillip Phillip Blatzheim ATOFINA Petrochemical, Inc. Information Technology -Network Services 15710 John F Kennedy Blvd Houston, TX 77032 Phone: +1 (281) 227-5545 Fax: +1 (281) 227-5515 Pager: +1 (281) 621-5545 Email: [EMAIL PROTECTED] "The truth is more important than the facts." Frank Lloyd Wright Chris Hoff <[EMAIL PROTECTED]> Sent by: Mailing list for discussion of Firewall-1 <[EMAIL PROTECTED]> 12/02/2003 09:58 AM Please respond to Mailing list for discussion of Firewall-1 To: [EMAIL PROTECTED] cc: Subject: Re: [FW-1] VPN and DHCP I would suggest using IP Pools. This can be accomplished by enabling it within the Global Properties > IP Pool NAT tab. You will need to create a network object for the IP Pool you want to us. You then need to edit your gateway object and enable it under the NAT tab - and choose the network you created for the IP Pool in there. Good Luck Chris -----Original Message----- From: Lenny Sanchez [mailto:[EMAIL PROTECTED] Sent: Monday, December 01, 2003 7:51 PM To: [EMAIL PROTECTED] Subject: [FW-1] VPN and DHCP Hi guys, How do I assign my secure remote clients (some behind routers/fw's using IKE, some not, using FWZ) IP address? Everyone comes into the network on 192.168.x.x, and I would like to turn around and assign them 10.x.x.x. I'm running Checkpoint Firewall-1 4.1 SP6, with Secure ID authentication The way I have DHCP reservations configured on the network is to bind the MAC address of an node to a specific IP. If anyone could point me in the right direction, I would be much obliged. Thank you Lenny Sanchez ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
