Russell, I don't know how you could make this work off hand. First of all OfficeMode requires that you use a separate network address space that is reserved just for SecureClient. Secondly, it must not to be part of the topology that the internal network protects. So, if the users were on your internal network and were using the same OfficeMode IP address, the firewall would give you an 'address spoofing' message and would drop the packets. Unless the users connected to some sort of special network segment, that was connected through another interface on the firewall and that interface was configured as External, I don't see how it could work. Something to think about...
Just my opinion, Thomas G. Moody Sr. Network Security Admin ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ · -----Original Message----- · From: Christian ALT [mailto:[EMAIL PROTECTED] · Sent: Thursday, January 29, 2004 10:52 AM · To: [EMAIL PROTECTED] · Subject: Re: [FW-1] Office Mode SecureClient · · How do you route through the gateway, if your users have tha · same IP address as on the internal LAN? · · Christian ALT · · Telecom and Logsitics Associates · Network and Security Company · · · -----Original Message----- · From: Mailing list for discussion of Firewall-1 · [mailto:[EMAIL PROTECTED] Behalf · Of Russell Aspinwall · Sent: mercredi, 28. janvier 2004 15:31 · To: [EMAIL PROTECTED] · Subject: [FW-1] Office Mode SecureClient · · · Hi, · · I am just going though the VPN-1 documentation, in · particular SecureClient "Office Mode". · · Given the scenario where SecureClient users use the same IP · address in Office as well as at home (they have routers · which are configured with the same internal net). Can Office · Mode be made to work so that the actual network address on · the computer is retained when connecting to the internal network? · · ================================================= · To set vacation, Out-Of-Office, or away messages, send an · email to [EMAIL PROTECTED] · in the BODY of the email add: · set fw-1-mailinglist nomail · ================================================= · To unsubscribe from this mailing list, · please see the instructions at · http://www.checkpoint.com/services/mailing.html · ================================================= · If you have any questions on how to change your subscription · options, email [EMAIL PROTECTED] · ================================================= · --- · Incoming mail is certified Virus Free. · Checked by AVG anti-virus system (http://www.grisoft.com). · Version: 6.0.571 / Virus Database: 361 - Release Date: 26.01.2004 · · --- · Outgoing mail is certified Virus Free. · Checked by AVG anti-virus system (http://www.grisoft.com). · Version: 6.0.571 / Virus Database: 361 - Release Date: 26.01.2004 · · ================================================= · To set vacation, Out-Of-Office, or away messages, send an · email to [EMAIL PROTECTED] · in the BODY of the email add: · set fw-1-mailinglist nomail · ================================================= · To unsubscribe from this mailing list, · please see the instructions at · http://www.checkpoint.com/services/mailing.html · ================================================= · If you have any questions on how to change your subscription · options, email [EMAIL PROTECTED] · ================================================= · ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
