Re: [fw-wiz] Terminating Secureclient on a private address range
Thanks for the input, unfortunately I'm running NGAI R55 HFA17
> Martin Hoz <firstname.lastname@example.org> wrote:
> On 9/13/06, Steve Willis <email@example.com> wrote:[color=green]
> > We currently run a pair of Nokia ip350's in a HA pair. We have a[/color]
> > address for each of the firewalls plus one for the VIP. We have been
> > successfully running SecureClient terminating on the VIP address[/color]
> without any[color=green]
> > problems. However we are about to migrate to a new ISP that wants us[/color]
> > allocate private addresses to the firewalls and the VIP and they will[/color]
> > from the newly allocated public address range to us.
> > I am unable to see how SecureClient will work in this way. Our ISP[/color]
> assure me[color=green]
> > that this will work using NAT (they tell me this works on their[/color]
> PIX's). I[color=green]
> > managed to track down one document on the net that basically says that
> > Checkpoint supplied an unsupported workaround, but even this will not[/color]
> > in a HA configuration, and I am certainly not interested in an[/color]
> > option. I have agreed to try and get this working on the proviso that[/color]
> if it[color=green]
> > does not we will get public addressing for the firewalls, but so far I[/color]
> > been unsuccessful. Does anyone know if this is possible, and if so,[/color]
> > pointers?
> If you have a recent version (NGX), you can use the Link Selection
> feature (under the
> VPN properties on your cluster object), and then say that your cluster
> "Statically NATed" behind NAT.
> I don't know what unsupported workaround you are talking about, but if
> you are
> referring to adding a fake external interface, this should work if you
> enable the
> dynamic interface resolving mechanism. :-)
> HTH - Good luck!
> - Martín.
> **** ¿Hoy qué haz hecho para ahorrar agua? - What have you done today
> to save water? - O que você têm feito hoje para conservar a água?
> ** Mi página web: [url]http://gama.fime.uanl.mx/~mhoz/[/url]
> * "Somos consecuencia del pasado, y causa de nuestro futuro."
> ** My Linux - [url]http://www.slackware.com[/url] == My BSD -
> firewall-wizards mailing list
Content-Type: text/plain; charset="us-ascii"
firewall-wizards mailing list