The only thing you have to make sure is that your internal routers know to send traffic destined for the Office Mode range to your gateway. If your default route is to send everything at the gateway, you're already covered.
Ray
From: Joe Pope <[EMAIL PROTECTED]> Reply-To: Mailing list for discussion of Firewall-1 <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: Re: [FW-1] Another.....Another..... Another NAT question (SecuRem ote) Date: Fri, 24 Sep 2004 12:23:37 -0400
It works, at least on FW-1 R55 and SecureClient R55. We use Office Mode and it solve numerous remote access problems. You must make sure that the IP Pools you define for Office Mode do NOT conflict with the IP addresses in your enterprise domain.
My enterprise domain uses 10.x.x.x, and my IP Pools for Office Mode use 192.168.24.x I would suggest you use address ranges that are not routable accross the Internet and does not overlay with your private network.
P.S. another feature of Office Mode is that you can pass internal DNS and WINS servers settings to the SecureClient during logon!
Read the R55 VPN-1.pdf chapter 10, setup is fairly simple.
Hope this helps!
Joe
-----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Peter G. Viscarola Sent: Friday, September 24, 2004 11:10 AM To: [EMAIL PROTECTED] Subject: Re: [FW-1] Another.....Another..... Another NAT question (SecuRemote)
> > Another advantage of SecureClient is that it has Office Mode, where > you can assign a specific network to remote users. >
WOW! (sorry, I'm a bit late to the discussion)
Can somebody, ANYbody, confirm that Office Mode actually does solve the original poster's problem (of being to access the private lan via VPN from the Hotel in the following setup):
Hotel Subnet A (192.168.1.xxx) --> internet --> FW --> Private Lan(192.168.1.xxx)
We've been "just living with" the problem of traveling and being at a hotel that conicidentally uses the same subnet address as our private lan. Because SecuRemote thinks you're within the encryption domain, it doesn't encrypt or authenticate (and thus no VPN access).
We've just upgraded from V4.1 to NG AI R55, and I've got our users still on Secure Remote for now. I've gotten Secure Client running with Office Mode and Visitor Mode (and all the other attendant goodies like IP compression) running for test purposes... But didn't realize it would solve the above problem.
Can somebody please confirm that they actually seen Office Mode solve this problem? If so, I'll be soooo totally thrilled and I'll be an instant hero,
Peter OSR
================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
_________________________________________________________________ Is your PC infected? Get a FREE online computer virus scan from McAfee� Security. http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
