Well, it's partially working but I don't think it's going to work as I want. Adding the IP Pool NAT changed it so that when I tracert to X from SecuRemote, my first hop is now B's external interface whereas it timed out before. It now times out after this hop.
If I'm reading this right, the network I'm using for IP Pool NAT must be able to be routed on its own between the B gateway and the X network. That's not going to happen because our internal routers are managed and it takes an act of the Almighty to get those things changed. Also, B is not the internal network's gateway out of the network, it's a host on that network.
Is there any way to add a NAT rule so that the IP Pool NAT network on B can use Hide NAT so that it appears to be B's external IP address to our internal network?
Thanks,
Ray
From: Joachim Bassmann <[EMAIL PROTECTED]>
Reply-To: Mailing list for discussion of Firewall-1 <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] Complicated remote access problem using an internal firewall
Date: Tue, 15 Jun 2004 12:13:23 +0200
Hi Ray,
--On Saturday, 12 June 2004 17:26 -0400 Ray Pesek <[EMAIL PROTECTED]> wrote:
We would like to let them still use SecuRemote to connect to "B" and get authenticated. We would have to add the new subnet "X" to the encryption domain of "B" but it's actually considered as external to "B".
You might get away with using a NAT pool for the SR clients on B.
Define the NAT pool as internal to B and make a rule on B which allows the NAT pool access to X.
Then take care that the NAT pool is being routed from X to B.
Good luck
Joachim Bassmann, DELOS AG, Stuttgart, Germany
------------------------------------------------------------
Only when the last Counterstrike has been placed on the index, the last video film banned, and the Internet shut down will you realize that you do have to raise your children after all. - [EMAIL PROTECTED]
================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================