--===============0225594286==
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary

HI Martin,



Thanks for the input, unfortunately I'm running NGAI R55 HFA17


Cheers
Dillan


> Martin Hoz wrote:
>
> On 9/13/06, Steve Willis wrote:
> >
> > We currently run a pair of Nokia ip350's in a HA pair. We have a

> public
> > address for each of the firewalls plus one for the VIP. We have been
> > successfully running SecureClient terminating on the VIP address

> without any
> > problems. However we are about to migrate to a new ISP that wants us

> to
> > allocate private addresses to the firewalls and the VIP and they will

> route
> > from the newly allocated public address range to us.
> >
> > I am unable to see how SecureClient will work in this way. Our ISP

> assure me
> > that this will work using NAT (they tell me this works on their

> PIX's). I
> > managed to track down one document on the net that basically says that
> > Checkpoint supplied an unsupported workaround, but even this will not

> work
> > in a HA configuration, and I am certainly not interested in an

> unsupported
> > option. I have agreed to try and get this working on the proviso that

> if it
> > does not we will get public addressing for the firewalls, but so far I

> have
> > been unsuccessful. Does anyone know if this is possible, and if so,

> any
> > pointers?
> >

>
> If you have a recent version (NGX), you can use the Link Selection
> feature (under the
> VPN properties on your cluster object), and then say that your cluster
> is
> "Statically NATed" behind NAT.
>
> I don't know what unsupported workaround you are talking about, but if
> you are
> referring to adding a fake external interface, this should work if you
> enable the
> dynamic interface resolving mechanism. :-)
>
> HTH - Good luck!
>
> - Martín.
>
> --
> **** ¿Hoy qué haz hecho para ahorrar agua? - What have you done today
> to save water? - O que você têm feito hoje para conservar a água?
> ** Mi página web: http://gama.fime.uanl.mx/~mhoz/
> * "Somos consecuencia del pasado, y causa de nuestro futuro."
> ** My Linux - http://www.slackware.com == My BSD -
> http://www.openbsd.org
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@listserv.icsalabs.com
> https://listserv.icsalabs.com/mailma...rewall-wizards


--===============0225594286==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailma...rewall-wizards

--===============0225594286==--