This is a discussion on Re: [fw-wiz] Terminating Secureclient on a private address range - Firewalls ; --===============0225594286== Content-Type: text/plain Content-Disposition: inline Content-Transfer-Encoding: binary HI Martin, Thanks for the input, unfortunately I'm running NGAI R55 HFA17 Cheers Dillan > Martin Hoz wrote: > > On 9/13/06, Steve Willis wrote: > > > > We currently run a ...
Thanks for the input, unfortunately I'm running NGAI R55 HFA17
> Martin Hoz
> On 9/13/06, Steve Willis
> > We currently run a pair of Nokia ip350's in a HA pair. We have a
> > address for each of the firewalls plus one for the VIP. We have been
> > successfully running SecureClient terminating on the VIP address
> without any
> > problems. However we are about to migrate to a new ISP that wants us
> > allocate private addresses to the firewalls and the VIP and they will
> > from the newly allocated public address range to us.
> > I am unable to see how SecureClient will work in this way. Our ISP
> assure me
> > that this will work using NAT (they tell me this works on their
> PIX's). I
> > managed to track down one document on the net that basically says that
> > Checkpoint supplied an unsupported workaround, but even this will not
> > in a HA configuration, and I am certainly not interested in an
> > option. I have agreed to try and get this working on the proviso that
> if it
> > does not we will get public addressing for the firewalls, but so far I
> > been unsuccessful. Does anyone know if this is possible, and if so,
> > pointers?
> If you have a recent version (NGX), you can use the Link Selection
> feature (under the
> VPN properties on your cluster object), and then say that your cluster
> "Statically NATed" behind NAT.
> I don't know what unsupported workaround you are talking about, but if
> you are
> referring to adding a fake external interface, this should work if you
> enable the
> dynamic interface resolving mechanism. :-)
> HTH - Good luck!
> - Martín.
> **** ¿Hoy qué haz hecho para ahorrar agua? - What have you done today
> to save water? - O que você têm feito hoje para conservar a água?
> ** Mi página web: http://gama.fime.uanl.mx/~mhoz/
> * "Somos consecuencia del pasado, y causa de nuestro futuro."
> ** My Linux - http://www.slackware.com == My BSD -
> firewall-wizards mailing list
Content-Type: text/plain; charset="us-ascii"
firewall-wizards mailing list