Erin,
If you are subject to address
translation, it is highly recommended to use
IKE instead of FWZ. Both encapsulated and unencapsulated FWZ are known not to
work with HIDE NAT at all.
Static NAT (1-to-1 address mapping) should work
with FWZ in either mode provided you allow IP Protocol 94, UDP Port 259, and
other services if you use FWZ in unencapsulated mode. However, most NAT gateways
will reject unencapsulated FWZ packets because the checksums are changed to
support the FWZ encryption scheme.
If you are subject to any form of NAT, IKE is your best bet.
Victor Barrientos
Tivoli certified Consultant
RSA Security Certified RSA ACE/Server Engineer
) Office: +54 11 4819 3903
) Fax: +54 11 4811 7103
+ Office eMail: [EMAIL PROTECTED]
+ Alternative eMail: [EMAIL PROTECTED]
: Unifon Web Site: http://www.unifon.com.ar
Tivoli certified Consultant
RSA Security Certified RSA ACE/Server Engineer
) Office: +54 11 4819 3903
) Fax: +54 11 4811 7103
+ Office eMail: [EMAIL PROTECTED]
+ Alternative eMail: [EMAIL PROTECTED]
: Unifon Web Site: http://www.unifon.com.ar
----- Original Message -----
From: Erin Young <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, November 03, 2000 11:58
AM
Subject: [FW1] SecuRemote behind a natted
device
> I am using FWZ with encapsulation for Securemote users. Will this work
> behind a natted device. I have read the fw-1 archives and some people say
> yes and some say no. I am using FW-1 v4.1 sp2 on NTServer.
>
> Thank You!!
> _________________________________________________________________________
> Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
>
> Share information about yourself, create your own public profile at
> http://profiles.msn.com.
>
>
>
> ================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ================================================================================
