Hey Curtis,

Lots of different opinions on this one. First, if you want the VPN boxes (Contivities) behind your firewall, you have to open up IPSEC to them. But a big question: where are you doing NAT? Is the Checkpoint or the Contivity NATTING the private IP addresses?

If it's the Contivity, you may want to put the Contivity in parallel to the firewalls or run the Internal of the Contivity through an interface on your Checkpoint boxes. This way your Checkpoints are looking at clear text and can filter. If you run the IPSEC through it, then the Checkpoints just see encrypted traffic and you have a harder time filtering on it.

Thanks,
Rob

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED]] On Behalf Of Moon, Curtis
Sent: Monday, January 31, 2005 10:54 AM
To: [email protected]
Subject: [FW-1] Nortel VPN Extranet client through FW-1(R55) to Nortel VPN Extranet 2600

Does anyone know how to configure FW-1 (R55) on Windows 2003 server and a Nortel VPN Extranet 2600 (Contivity) on the internal network, so that Nortel software clients (external) can pass through a FW-1 firewall and connect to a VPN Extranet 2600 (Contivity) Gateway (internal) (see schema below)?

(1)Many Nortel VPN Clients --->Internet ---> (2)FW-1 (R55) Windows2003 ---->(3)Nortel Contivity Extranet 2600 Gateway

Just want the external Nortel Clients to pass through FW-1 to the Nortel Contivity. If this can be done, does it make sense? Is there an advantage to passing the IPSEC traffic through FW-1, or would it be the same as just allowing the Nortel Extranet 2600 to have a public IP address and just let the Nortel Clients connect directly to the Extranet 2600 and then connect it to our internal network?

Thanks,
Curtis Moon

=================================================
To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options, email [EMAIL PROTECTED]
=================================================
