Hi Curtis, You can handle this situation in two ways;
1- For each host that needs to connect with Cisco VPN Client make sure they have a static internal IP and do a static NAT with one of your public IP available. Say that you have 5 hosts that requests VPN connectivity CISCO VPN Client you will need to create 5 static NAT rules (automatic or manual) with 5 public IP different. That way you are sure that it will work 2- I have heard that this is also possible by putting a router in the DMZ and internal users will static NAT to the router and the router goes out to the internet, so that way you'll need only one public IP for as many internal users that request Cisco VPN Connectivity. Personnally I have never done this setup...maybe someone else can elaborate a little bit more Thanks ----- Original Message ----- From: "Moon, Curtis" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, December 10, 2003 11:34 AM Subject: [FW-1] VPN through NG FP3 HF2 > We are using NG FP3 HF2 on windows 2000 server. We have about 15 internal > work stations that need to use ipsec client software to vpn out through our > firewall and connect to external vpn server. I was wondering how people > handle this problem. I am not talking about FW to FW vpn tunnels or using > secure client or secure remote. I am talking about internal workstations(NAT > hiding) using vendor software like Cisco pix or some special ipsec compatible > software to connect out through the firewall to the external vpn. If this is > not possible, then does anyone have a suggestion on how to handle this. > > Thank you, > Curtis Moon > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
