Hi,

We have a customer who runs a UDP broadcast application.  He has three IP ranges 
10.1.0.0/16, 10.2.0.0/16 and 10.3.0.0/16.  The IP range 10.3.0.0/16 is allocated to 
dial-up clients.

The UDP broadcast information is generated from the 10.1.0.0/16 network.  Also the clients 
need to talk on TCP to servers in 10.1.0.0/16.  At present an ip helper address command 
is used on the (Cisco) router to convert the broadcast on 10.1.0.0/16 to broadcasts on 
the other networks (10.2.0.0/16 and 10.3.0.0/16).

The 10.1.0.0/16 and 10.2.0.0/16 networks are connected using leased links to a local 
ISP.  The dial clients also dial to the same ISP.

We need to secure the 10.1.0.0/16 network using a Check Point firewall.  Also we need a 
firewall-to-firewall VPN between 10.1.0.0/16 and 10.2.0.0/16.  A firewall to dial-up 
client VPN is required between 10.1.0.0/16 and 10.3.0.0/16.

My problem is that the Check Point firewall needs to be placed behind the router.  The 
VPN is to be originated by the firewall, but the ip helper address is done on the router.

Can anyone suggest an alternate design to me?  

Thanks in advance.

Regards

Piet

PIET NORVAL
Specialist - Networks and Systems
CCNP, MCSE