Hi! One of our customers had the problem with 4 securemote clients behind one officiall ip. Only one could establish the connection! The only thing i found hereto is a document which describes a solution making a gateway work with secure remote. But this is not supported by checkpoint at all!
-----Ursprungliche Nachricht----- Von: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] Auftrag von Crist Clark Gesendet: Donnerstag, 11. Dezember 2003 01:00 An: [EMAIL PROTECTED] Betreff: Re: [FW-1] VPN Question "Brian A. Bohanna" wrote: > > Hmmm, SO then I can have as many IPSec tunnells connecting to my gateway > from the outside originating from the same source IP? The IPsec protocol is capable of this. Whether the Checkpoint implementation can deal... 'Nother issue, but I expect it to. > -----Original Message----- > From: Mailing list for discussion of Firewall-1 > [mailto:[EMAIL PROTECTED] On Behalf Of Crist > Clark > Sent: Wednesday, December 10, 2003 4:54 PM > To: [EMAIL PROTECTED] > Subject: Re: [FW-1] VPN Question > > "Brian A. Bohanna" wrote: > > > > Real quick one. > > > > I am assuming the answer is no (based on networking 101) but is there > > an option to allow several Secure Remote clients to creat tunnells to > > a single gateway originating from a single IP. I have a client who > > wishes to have 4 people behind their firewall (unknown vendor) aceess > > my VPN gateway. > > Well, networking 101 says that this is possible if we are talking IPsec > tunnels. For each tunnel the <src IP, dst IP, proto, SPI> quadruplet > must be unique. Given that the SPI is a 32-bit integer, you can have a > lot more than 4 hosts behind it. > > This is just the kind of situation that UDP/TCP encapsulation schemes of > IPsec is for, so I would _assume_ VPN-1 can deal, but I do not know for > sure. -- Crist J. Clark [EMAIL PROTECTED] Globalstar Communications (408) 933-4387 The information contained in this e-mail message is confidential, intended only for the use of the individual or entity named above. If the reader of this e-mail is not the intended recipient, or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that any review, dissemination, distribution or copying of this communication is strictly prohibited. If you have received this e-mail in error, please contact [EMAIL PROTECTED] ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
