Nick,

No, I _am_ using private RFC1918 IP addresses inside the Firewall.
However, I'm using SecuRemote with encapsulation, so this doesn't cause
a problem.

I want to NAT the inbound packets from the Internet (i.e. "Any" source or
ideally "not internal-network" source if only the NAT rules allowed
negation!) to hide behind the Firewall's own internal IP address (on the
private RFC1918 LAN). This way, I don't need any routing changes on the
target systems that are being accessed by SecuRemote because they will see
the SecuRemote packets as coming from a local address (the Firewall's
internal LAN address).

Roy Hills
NTA Monitor Ltd

At 14:10 02/06/00 -0400, Nick Potkay wrote:
>Roy,
>
>You are correct, I jumped the gun. I just realized you are using
>route'able addresses behind the firewall - no static route (on the fw) or
>default gateway for the client will be needed. If the internal addresses
>were non-route'able - this would not work. It would require your internal
>clients to have default routes via the firewall (which would defeat your
>overall purpose & you would have to have static nat for each internal
>host (what a mess) in order to get inbound hide-nat to work).
>
>-Nick

--
Roy Hills                                Tel:   +44 1634 721855
NTA Monitor Ltd                          FAX:   +44 1634 721844
14 Ashford House, Beaufort Court,
Medway City Estate,                      Email: [EMAIL PROTECTED]
Rochester, Kent ME2 4FA, UK              WWW:   http://www.nta-monitor.com/
