Hello I had a look on the sk11682 and did some configuration changes as mentioned in there. I added a 2nd IP address (public) on the Nokia "out" interface. -> Problem both IP's are now on "eth2c0" (Privat and public) I added the same IP address in the topoplogy of the FW GUI Nokia. -> Problem I can not define 2 times "eth2c0"
Then I loaded the ruleset on the Nokia but still the same behave. Still the private IP on the I'm I really the only one with a config like that? The reason to try terminating the VPN in this special DMZ is, that I can use all existing objects, rules and whatever from a existing, well-running FW config. Thanks for any other help or hint! Stefan Haralambos Klitiropoulos <[EMAIL PROTECTED]> Sent by: Mailing list for discussion of Firewall-1 <[EMAIL PROTECTED]> 04.11.2004 18:18 Please respond to Mailing list for discussion of Firewall-1 <[EMAIL PROTECTED]> To [EMAIL PROTECTED] cc Subject Re: [FW-1] VPN-1 privat / public addresses Hello, when you create the site in SecureClient, FW-1 sends the topology information as Check Point calls it. Part of that information is the "outside" interface of the VPN gateway so that SecureClient/SecuRemote will know where to send the ESP data. I had a similar situation in the past where the firewall's external IP was translated by the router and I convinced my customer to give the firewall a real address. Although I might had a chance in fooling somehow FW-1 into sending the translated address to SecureClient, I chose not to do so in order to avoid possible problems in the future (after the installation of a CP hotfix etc). Why don't you terminate the VPN in your external firewall? [EMAIL PROTECTED] wrote: >Hi gurus > >I have a Nokia NG AI (R55) VPN gateway with private addresses. >This Nokia VPN gate is placed behind two CP firewalls. >The first CP firewall does the NAT from public IP to this private >address. > >If I connect with my SecurClient the first time (Build a new site) to the >public >address, I see traffic to the Nokia VPN gate. IKE_tcp, FW1_topo... >This looks good! > >After the first connect I see, in the SecureClient Diagnostics > >connection > >the destinaton IP = 192.168.x.x !!! and not our public address! >So connection is not possible anymore. > >I found a workaround for this problem. Parameter >"resolve_interface_ranges" >to "false", but did not realy "cure" the problem. > >Any help is appreciated! > > Stefan > > > > >*****Disclaimer***** > This message is for the addressee only and may contain confidential or privileged information. You must delete and not use it if you are not the intended recipient. It may not be secure or error-free. All e-mail communications to and from the Julius Baer Group may be monitored. Processing of incoming e-mails cannot be guaranteed. Any views expressed in this message are those of the individual sender. This message is for information purposes only. All liability of the Julius Baer Group and its entities for any damages resulting from e-mail use is excluded. US persons are kindly requested to read the important legal information presented at following URL: http://www.juliusbaer.com/maildisclaimer > > > >================================================= >To set vacation, Out-Of-Office, or away messages, >send an email to [EMAIL PROTECTED] >in the BODY of the email add: >set fw-1-mailinglist nomail >================================================= >To unsubscribe from this mailing list, >please see the instructions at >http://www.checkpoint.com/services/mailing.html >================================================= >If you have any questions on how to change your >subscription options, email >[EMAIL PROTECTED] >================================================= > > > ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= *****Disclaimer***** This message is for the addressee only and may contain confidential or privileged information. You must delete and not use it if you are not the intended recipient. It may not be secure or error-free. All e-mail communications to and from the Julius Baer Group may be monitored. Processing of incoming e-mails cannot be guaranteed. Any views expressed in this message are those of the individual sender. This message is for information purposes only. All liability of the Julius Baer Group and its entities for any damages resulting from e-mail use is excluded. US persons are kindly requested to read the important legal information presented at following URL: http://www.juliusbaer.com/maildisclaimer ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
