Derek,

Thanks very much for your assistance... I'll let ya know how it turns out!

Joe

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of O'Flynn, Derek
Sent: Tuesday, February 01, 2005 11:29 AM
To: [email protected]
Subject: Re: [FW-1] SR or SC connecting from INSIDE???

Yes, you can do this. Set the encryption domain of the gateway to 10.120.x.x, and then when you connect from anything outside of that it will encrypt for that connection.

If you need SR access to 10.10.x.x from external networks, this of course will not work since 10.10.x.x is not included in the encryption domain. You can trick SR to do this, however, by manipulating the User.c file, which in turn controls its split tunneling. Set the gateway encryption domain to include the 10.10.x.x and 10.120.x.x networks. You will then need to figure out what needs to be done in the user.c file so that it will encrypt for 10.10 networks. I believe you can just set the subnets in user.c to 10.0.0.0/8 and then for anything in 10.x.x.x you will encrypt for, or remove the 10.x.x.x networks from the defined lists; I can't remember the setup. You'll also have to figure out how to turn off Update; otherwise, once you connect it will overwrite any manual changes.

Derek O'Flynn

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Joe Clifton
Sent: Monday, January 31, 2005 2:10 PM
To: [email protected]
Subject: [FW-1] SR or SC connecting from INSIDE???
Importance: High

I know I should know the answer to this...but some confirmation from my peers would be helpful.

We have 2 interfaces which are considered the inside, 10.10.0.1 (eth1) and 10.120.0.1 (eth2). I have blocked all traffic from 10.10.0.1 (eth1) from going over to the 10.120.0.1 (eth2) network. I allow 10.10.0.1 (eth1) traffic to go out to the internet only.
Can I use SecuRemote or SecureClient on a machine on the 10.10.0.0/16 (eth1 interface) network to connect to the f/w and then access one or two servers on the 10.120.0.0/16 (eth2 interface) network?

TIA :-D

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
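
The encryption-domain matching discussed in this thread, as an added example that is not part of the original messages and is not Check Point code. It assumes the client tunnels exactly those destinations that fall inside the subnets it holds; the host addresses and function names are constructed for illustration.

```python
import ipaddress

def encrypts(domain, dst):
    """True if dst falls inside any subnet of the encryption domain.

    Assumption of this sketch: the client tunnels a destination if and only
    if it matches one of the subnets it was given.
    """
    addr = ipaddress.ip_address(dst)
    return any(addr in ipaddress.ip_network(net) for net in domain)

def local_overlap(domain, client_interface):
    """Domain subnets that overlap the client's own LAN.

    A non-empty result means traffic to the client's local neighbours would
    also match the tunnel list, which is worth checking before widening the
    list (for example to 10.0.0.0/8).
    """
    lan = ipaddress.ip_interface(client_interface).network
    return [net for net in domain if ipaddress.ip_network(net).overlaps(lan)]

# The configurations mentioned in the thread.
DOMAIN_ETH2_ONLY = ["10.120.0.0/16"]
DOMAIN_BOTH = ["10.10.0.0/16", "10.120.0.0/16"]
DOMAIN_WIDE = ["10.0.0.0/8"]

# Constructed sample hosts.
INSIDE_CLIENT = "10.10.5.20/16"   # machine on the eth1 network
HOME_CLIENT = "10.0.0.15/24"      # remote user whose home LAN is in 10/8
SERVER_ETH2 = "10.120.1.10"
SERVER_ETH1 = "10.10.1.5"

if __name__ == "__main__":
    for name, dom in [("eth2 only", DOMAIN_ETH2_ONLY),
                      ("both nets", DOMAIN_BOTH),
                      ("10/8", DOMAIN_WIDE)]:
        print(name,
              "| eth2 server tunnelled:", encrypts(dom, SERVER_ETH2),
              "| eth1 server tunnelled:", encrypts(dom, SERVER_ETH1),
              "| overlaps inside client LAN:", local_overlap(dom, INSIDE_CLIENT),
              "| overlaps home LAN:", local_overlap(dom, HOME_CLIENT))
```
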
