Hi All, Will $FWDIR/conf/ipassignment.conf work, if we are not using Office mode ?
On 6/8/05, Eric Janz <[EMAIL PROTECTED]> wrote: > > Hi, > > The Office Mode is only available using SecureClient. You have two options > to asign the IPs in a per-user manner, using ipassignment.conf with IP > Pools or using an internal DHCP server to asign the addresses to the > per-user calculated virtual MAC (vpn macutil [username]). > > In my case $FWDIR/conf/ipassignment.conf did not work. We are working with > a clustered environment and we tried to put the files in different manners > on both gateways with different ip pools assigned to each of them but with > no success. We just get it working fine with DHCP. Can anybody explain how > ipassignment.conf works in a clustered environment? Must the files on both > gateways be the same? What happens when a user logs into de corporative > network through a gateway that does not have the ip assigned to that user > in his ip pool? What happens with the users whose assigned ip is in one > gateways ip pool and that gateway gets down? Well, a lot of questions :-) > > In our case, at the beginning it also did not work with DHCP. That was due > to that we assumed that the "vpn macutil" tool works with the plain > username. In fact we are working with certificates and in that case I > noticed that the only way to get the right mac-to-user relationship is > using the "full" username. > > ie: > > gateway[admin]#> vpn macutil > CN=plainusername,OU=users,O=smartcentername_uihgew > C7-F7-4E-DF-19-28, "vpn macutil > CN=plainusername,OU=users,O=smartcentername_uihgew" > gateway[admin]#> > > > Hope this helps, > Regards, > > Eric Janz > Departamento de Sistemas > Grupo Barcel� Viajes > > C\ 16 de Julio, 75 > 07009 Poligono Son Castell� > Palma de Mallorca - Baleares > Tel.: +34 971 448030 > Fax.: +34 971 436986 > > Mailing list for discussion of Firewall-1 > <[email protected]> wrote on 07/06/2005 17:34:29: > > > Does upassignment.conf works with SecuRemote or only with SecureClient ? > > > > []'S > > > > -- > > Antonio Costa > > > > [EMAIL PROTECTED] > > TI - Analista de Redes e Seguranca > > CCSE PLus / CCNA > > MCSE / LinuxAdmin > > Odebrecht Engenharia e Construcao > > > > Matriz Villa Lobos - Sao Paulo/SP > > Av. Nacoes Unidas 4777, 1o. Andar > > Tel.: +55-11-3443-9813/9000 > > Fax.: +55-11-3443-9861 > > > > > > -----Original Message----- > > From: Mailing list for discussion of Firewall-1 > > [mailto:[EMAIL PROTECTED] Behalf Of Joe Pope > > Sent: Tuesday, June 07, 2005 10:48 AM > > To: [email protected] > > Subject: Re: [FW-1] VPN ip pool > > > > > > See the ipassignment.conf file in the $FWDIR/conf directory. > > I have used this and it works fine. > > > > -----Original Message----- > > From: Mailing list for discussion of Firewall-1 > > [mailto:[EMAIL PROTECTED] On Behalf Of > > dhananjoy > > Sent: Tuesday, June 07, 2005 5:12 AM > > To: [email protected] > > Subject: Re: [FW-1] VPN ip pool > > > > > > Hi, > > We are currently using the IP pool nat feature. > > Is there any way I can bind users with a specific IPs, such that a > > particular user requests are natted with a fixed IP everytime he > > connects. > > > > On 6/5/05, Neil Kemp <[EMAIL PROTECTED]> wrote: > > > > > > You can use IP Pools where you create an address range (has to be > > > outside > > > of > > > your Internal Network) and assign it. > > > > > > Works OK, done this a couple of times. > > > > > > -----Original Message----- > > > From: Mailing list for discussion of Firewall-1 > > > [mailto:[EMAIL PROTECTED] On Behalf Of Cem > > > Akbas > > > Sent: Saturday, June 04, 2005 8:31 AM > > > To: [email protected] > > > Subject: [FW-1] VPN ip pool > > > > > > Using VPN-1 - Securemote, how can i assign IP address to clients. Or > > > is it possible only for SecureClient. > > > > > > Thanks > > > > > > ================================================= > > > To set vacation, Out-Of-Office, or away messages, > > > send an email to [EMAIL PROTECTED] > > > in the BODY of the email add: > > > set fw-1-mailinglist nomail > > > ================================================= > > > To unsubscribe from this mailing list, > > > please see the instructions at > > > http://www.checkpoint.com/services/mailing.html > > > ================================================= > > > If you have any questions on how to change your > > > subscription options, email > > > [EMAIL PROTECTED] > > > ================================================= > > > > > > > > > > > > ###################################################################### > > > ############### > > > This e-mail message has been scanned for Viruses and Content and > > cleared > > > by 3DMail > > > > > > ###################################################################### > > > ############### > > > > > > ================================================= > > > To set vacation, Out-Of-Office, or away messages, > > > send an email to [EMAIL PROTECTED] > > > in the BODY of the email add: > > > set fw-1-mailinglist nomail > > > ================================================= > > > To unsubscribe from this mailing list, > > > please see the instructions at > > > http://www.checkpoint.com/services/mailing.html > > > ================================================= > > > If you have any questions on how to change your > > > subscription options, email > > > [EMAIL PROTECTED] > > > ================================================= > > > > > > > > > > > -- > > Regards, > > dhananjoy > > India. > > GSM # : 091-9899602123 > > --------------------------------------------------------------- > > Registered Linux user # 375503 > > http://counter.li.org > > --------------------------------------------------------------- > > Some men see things as they are and say why? > > I dream things that never were and say "Why Not?" > > -Robert F. Kennedy > > > > ================================================= > > To set vacation, Out-Of-Office, or away messages, > > send an email to [EMAIL PROTECTED] > > in the BODY of the email add: > > set fw-1-mailinglist nomail > > ================================================= > > To unsubscribe from this mailing list, > > please see the instructions at > > http://www.checkpoint.com/services/mailing.html > > ================================================= > > If you have any questions on how to change your > > subscription options, email > > [EMAIL PROTECTED] > > ================================================= > > > > ================================================= > > To set vacation, Out-Of-Office, or away messages, > > send an email to [EMAIL PROTECTED] > > in the BODY of the email add: > > set fw-1-mailinglist nomail > > ================================================= > > To unsubscribe from this mailing list, > > please see the instructions at > > http://www.checkpoint.com/services/mailing.html > > ================================================= > > If you have any questions on how to change your > > subscription options, email > > [EMAIL PROTECTED] > > ================================================= > > > > ================================================= > > To set vacation, Out-Of-Office, or away messages, > > send an email to [EMAIL PROTECTED] > > in the BODY of the email add: > > set fw-1-mailinglist nomail > > ================================================= > > To unsubscribe from this mailing list, > > please see the instructions at > > http://www.checkpoint.com/services/mailing.html > > ================================================= > > If you have any questions on how to change your > > subscription options, email > > [EMAIL PROTECTED] > > ================================================= > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > -- Regards, dhananjoy India. GSM # : 091-9899602123 --------------------------------------------------------------- Registered Linux user # 375503 http://counter.li.org --------------------------------------------------------------- Some men see things as they are and say why? I dream things that never were and say "Why Not?" -Robert F. Kennedy ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
