Hi,

Office Mode is only available using SecureClient. You have two options 
to assign the IPs on a per-user basis: using ipassignment.conf with IP 
pools, or using an internal DHCP server to assign the addresses to the 
per-user calculated virtual MAC (vpn macutil [username]).

In my case $FWDIR/conf/ipassignment.conf did not work. We are working with 
a clustered environment and we tried placing the files in different ways 
on both gateways, with different IP pools assigned to each of them, but with 
no success. We just got it working fine with DHCP. Can anybody explain how 
ipassignment.conf works in a clustered environment? Must the files on both 
gateways be the same? What happens when a user logs into the corporate 
network through a gateway that does not have the IP assigned to that user 
in its IP pool? What happens to the users whose assigned IP is in one 
gateway's IP pool when that gateway goes down? Well, a lot of questions :-)

In our case, at the beginning it did not work with DHCP either. That was 
because we assumed that the "vpn macutil" tool works with the plain 
username. In fact we are working with certificates, and in that case I 
noticed that the only way to get the right MAC-to-user relationship is 
to use the "full" username.

i.e.:

gateway[admin]#> vpn macutil CN=plainusername,OU=users,O=smartcentername_uihgew
C7-F7-4E-DF-19-28, "vpn macutil CN=plainusername,OU=users,O=smartcentername_uihgew"
gateway[admin]#>


Hope this helps,
Regards,

Eric Janz 
Departamento de Sistemas
Grupo Barceló Viajes

C\ 16 de Julio, 75
07009 Poligono Son Castelló
Palma de Mallorca - Baleares
Tel.: +34 971 448030
Fax.: +34 971 436986
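
Added example, not part of the original message and not Check Point code: turning "vpn macutil" output into per-user DHCP reservations. It assumes the output format shown above and an ISC dhcpd server; the function names, the "om_" host prefix and the 192.0.2.x address are constructed for illustration.

```shell
#!/bin/sh
# Assumed input format (as in the post):  MAC, "vpn macutil <username>"

# parse_macutil LINE -> prints "MAC|username"; returns non-zero if LINE is malformed
parse_macutil() {
    printf '%s\n' "$1" | sed -n -E \
      's/^(([0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2}), "vpn macutil (.+)"$/\1|\3/p' | grep .
}

# reservation IP LINE -> prints one dhcpd host stanza for that user
reservation() {
    parsed=$(parse_macutil "$2") || { echo "skip: unparsable line: $2" >&2; return 1; }
    # dhcpd expects colon-separated hex; macutil prints dash-separated uppercase
    mac=$(printf '%s' "${parsed%%|*}" | tr 'A-F-' 'a-f:')
    user=${parsed#*|}
    case $user in
        CN=*) ;;  # full DN: the form the post found necessary with certificates
        *) echo "warn: '$user' is not a DN; certificate users need the full DN" >&2 ;;
    esac
    # Host label: the CN value (or the plain name), reduced to safe characters
    label=$(printf '%s' "$user" | sed -E 's/^CN=([^,]+).*/\1/' | tr -c 'A-Za-z0-9\n' '_')
    printf 'host om_%s { hardware ethernet %s; fixed-address %s; }\n' \
        "$label" "$mac" "$1"
}

# build_reservations: reads "IP|macutil output" lines on stdin, one per user
build_reservations() {
    rc=0
    while IFS='|' read -r ip line; do
        [ -n "$ip" ] || continue
        reservation "$ip" "$line" || rc=1
    done
    return $rc
}

# Constructed sample: the macutil line from the post paired with a made-up address
build_reservations <<'EOF'
192.0.2.10|C7-F7-4E-DF-19-28, "vpn macutil CN=plainusername,OU=users,O=smartcentername_uihgew"
EOF
```
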

Mailing list for discussion of Firewall-1 
<[email protected]> wrote on 07/06/2005 17:34:29:

> Does ipassignment.conf work with SecuRemote or only with SecureClient?
> 
> []'S
> 
> --
> Antonio Costa
> 
> [EMAIL PROTECTED]
> TI - Analista de Redes e Seguranca
> CCSE PLus / CCNA
> MCSE / LinuxAdmin 
> Odebrecht Engenharia e Construcao
> 
> Matriz Villa Lobos - Sao Paulo/SP
> Av. Nacoes Unidas 4777, 1o. Andar
> Tel.: +55-11-3443-9813/9000
> Fax.: +55-11-3443-9861
> 
> 
> -----Original Message-----
> From: Mailing list for discussion of Firewall-1
> [mailto:[EMAIL PROTECTED] Behalf Of Joe Pope
> Sent: Tuesday, June 07, 2005 10:48 AM
> To: [email protected]
> Subject: Re: [FW-1] VPN ip pool
> 
> 
> See the ipassignment.conf file in the $FWDIR/conf directory.
> I have used this and it works fine.
> 
> -----Original Message-----
> From: Mailing list for discussion of Firewall-1
> [mailto:[EMAIL PROTECTED] On Behalf Of
> dhananjoy
> Sent: Tuesday, June 07, 2005 5:12 AM
> To: [email protected]
> Subject: Re: [FW-1] VPN ip pool
> 
> 
> Hi,
> We are currently using the IP pool NAT feature.
> Is there any way I can bind users to specific IPs, such that a 
> particular user's requests are NATted with a fixed IP every time he
> connects?
> 
>  On 6/5/05, Neil Kemp <[EMAIL PROTECTED]> wrote: 
> > 
> > You can use IP Pools where you create an address range (has to be 
> > outside of your Internal Network) and assign it.
> > 
> > Works OK, done this a couple of times.
> > 
> > -----Original Message-----
> > From: Mailing list for discussion of Firewall-1 
> > [mailto:[EMAIL PROTECTED] On Behalf Of Cem 
> > Akbas
> > Sent: Saturday, June 04, 2005 8:31 AM
> > To: [email protected]
> > Subject: [FW-1] VPN ip pool
> > 
> > Using VPN-1 - SecuRemote, how can I assign IP addresses to clients? Or 
> > is it possible only for SecureClient?
> > 
> > Thanks
> > 
> > =================================================
> > To set vacation, Out-Of-Office, or away messages,
> > send an email to [EMAIL PROTECTED]
> > in the BODY of the email add:
> > set fw-1-mailinglist nomail 
> > =================================================
> > To unsubscribe from this mailing list,
> > please see the instructions at 
> > http://www.checkpoint.com/services/mailing.html
> > =================================================
> > If you have any questions on how to change your
> > subscription options, email
> > [EMAIL PROTECTED] 
> > =================================================
> > 
> > 
> 
> 
> 
> -- 
> Regards,
> dhananjoy 
> India.
> GSM # : 091-9899602123
> ---------------------------------------------------------------
> Registered Linux user # 375503
> http://counter.li.org
> ---------------------------------------------------------------
> Some men see things as they are and say why?
> I dream things that never were and say "Why Not?"
> -Robert F. Kennedy
> 
