Thanks a lot for all your feedback! On 6/8/05, Eric Janz <[EMAIL PROTECTED]> wrote: > > Hi, > > The response is No. The function of ipassignment.conf is to create a 1:1 > relationship between the connecting user and an ip from the IP Pool. The > only way to get ip's assigned to the users is with office Mode, > ipassignment.onf is only one of the two modes to asign ip-per-user (the > other is via DHCP). > > hope this helps, > Regards, > > Eric Janz > Departamento de Sistemas > Grupo Barcel� Viajes > > C\ 16 de Julio, 75 > 07009 Poligono Son Castell� > Palma de Mallorca - Baleares > Tel.: +34 971 448030 > Fax.: +34 971 436986 > > Mailing list for discussion of Firewall-1 > <[email protected]> wrote on 08/06/2005 11:58:52: > > > Hi All, > > Will $FWDIR/conf/ipassignment.conf work, if we are not using Office > mode ? > > > > > > On 6/8/05, Eric Janz <[EMAIL PROTECTED]> wrote: > > > > > > Hi, > > > > > > The Office Mode is only available using SecureClient. You have two > options > > > to asign the IPs in a per-user manner, using ipassignment.conf with IP > > > Pools or using an internal DHCP server to asign the addresses to the > > > per-user calculated virtual MAC (vpn macutil [username]). > > > > > > In my case $FWDIR/conf/ipassignment.conf did not work. We are working > with > > > a clustered environment and we tried to put the files in different > manners > > > on both gateways with different ip pools assigned to each of them but > with > > > no success. We just get it working fine with DHCP. Can anybody explain > how > > > ipassignment.conf works in a clustered environment? Must the files on > both > > > gateways be the same? What happens when a user logs into de > corporative > > > network through a gateway that does not have the ip assigned to that > user > > > in his ip pool? What happens with the users whose assigned ip is in > one > > > gateways ip pool and that gateway gets down? Well, a lot of questions > :-) > > > > > > In our case, at the beginning it also did not work with DHCP. That was > due > > > to that we assumed that the "vpn macutil" tool works with the plain > > > username. In fact we are working with certificates and in that case I > > > noticed that the only way to get the right mac-to-user relationship is > > > using the "full" username. > > > > > > ie: > > > > > > gateway[admin]#> vpn macutil > > > CN=plainusername,OU=users,O=smartcentername_uihgew > > > C7-F7-4E-DF-19-28, "vpn macutil > > > CN=plainusername,OU=users,O=smartcentername_uihgew" > > > gateway[admin]#> > > > > > > > > > Hope this helps, > > > Regards, > > > > > > Eric Janz > > > Departamento de Sistemas > > > Grupo Barcel� Viajes > > > > > > C\ 16 de Julio, 75 > > > 07009 Poligono Son Castell� > > > Palma de Mallorca - Baleares > > > Tel.: +34 971 448030 > > > Fax.: +34 971 436986 > > > > > > Mailing list for discussion of Firewall-1 > > > <[email protected]> wrote on 07/06/2005 > 17:34:29: > > > > > > > Does upassignment.conf works with SecuRemote or only with > SecureClient ? > > > > > > > > []'S > > > > > > > > -- > > > > Antonio Costa > > > > > > > > [EMAIL PROTECTED] > > > > TI - Analista de Redes e Seguranca > > > > CCSE PLus / CCNA > > > > MCSE / LinuxAdmin > > > > Odebrecht Engenharia e Construcao > > > > > > > > Matriz Villa Lobos - Sao Paulo/SP > > > > Av. Nacoes Unidas 4777, 1o. Andar > > > > Tel.: +55-11-3443-9813/9000 > > > > Fax.: +55-11-3443-9861 > > > > > > > > > > > > -----Original Message----- > > > > From: Mailing list for discussion of Firewall-1 > > > > [mailto:[EMAIL PROTECTED] Behalf Of Joe > Pope > > > > Sent: Tuesday, June 07, 2005 10:48 AM > > > > To: [email protected] > > > > Subject: Re: [FW-1] VPN ip pool > > > > > > > > > > > > See the ipassignment.conf file in the $FWDIR/conf directory. > > > > I have used this and it works fine. > > > > > > > > -----Original Message----- > > > > From: Mailing list for discussion of Firewall-1 > > > > [mailto:[EMAIL PROTECTED] On Behalf Of > > > > dhananjoy > > > > Sent: Tuesday, June 07, 2005 5:12 AM > > > > To: [email protected] > > > > Subject: Re: [FW-1] VPN ip pool > > > > > > > > > > > > Hi, > > > > We are currently using the IP pool nat feature. > > > > Is there any way I can bind users with a specific IPs, such that a > > > > particular user requests are natted with a fixed IP everytime he > > > > connects. > > > > > > > > On 6/5/05, Neil Kemp <[EMAIL PROTECTED]> wrote: > > > > > > > > > > You can use IP Pools where you create an address range (has to be > > > > > outside > > > > > of > > > > > your Internal Network) and assign it. > > > > > > > > > > Works OK, done this a couple of times. > > > > > > > > > > -----Original Message----- > > > > > From: Mailing list for discussion of Firewall-1 > > > > > [mailto:[EMAIL PROTECTED] On Behalf Of > Cem > > > > > Akbas > > > > > Sent: Saturday, June 04, 2005 8:31 AM > > > > > To: [email protected] > > > > > Subject: [FW-1] VPN ip pool > > > > > > > > > > Using VPN-1 - Securemote, how can i assign IP address to clients. > Or > > > > > is it possible only for SecureClient. > > > > > > > > > > Thanks > > > > > > > > > > ================================================= > > > > > To set vacation, Out-Of-Office, or away messages, > > > > > send an email to [EMAIL PROTECTED] > > > > > in the BODY of the email add: > > > > > set fw-1-mailinglist nomail > > > > > ================================================= > > > > > To unsubscribe from this mailing list, > > > > > please see the instructions at > > > > > http://www.checkpoint.com/services/mailing.html > > > > > ================================================= > > > > > If you have any questions on how to change your > > > > > subscription options, email > > > > > [EMAIL PROTECTED] > > > > > ================================================= > > > > > > > > > > > > > > > > > > > > > ###################################################################### > > > > > ############### > > > > > This e-mail message has been scanned for Viruses and Content and > > > > cleared > > > > > by 3DMail > > > > > > > > > > > ###################################################################### > > > > > ############### > > > > > > > > > > ================================================= > > > > > To set vacation, Out-Of-Office, or away messages, > > > > > send an email to [EMAIL PROTECTED] > > > > > in the BODY of the email add: > > > > > set fw-1-mailinglist nomail > > > > > ================================================= > > > > > To unsubscribe from this mailing list, > > > > > please see the instructions at > > > > > http://www.checkpoint.com/services/mailing.html > > > > > ================================================= > > > > > If you have any questions on how to change your > > > > > subscription options, email > > > > > [EMAIL PROTECTED] > > > > > ================================================= > > > > > > > > > > > > > > > > > > > > > -- > > > > Regards, > > > > dhananjoy > > > > India. > > > > GSM # : 091-9899602123 > > > > --------------------------------------------------------------- > > > > Registered Linux user # 375503 > > > > http://counter.li.org > > > > --------------------------------------------------------------- > > > > Some men see things as they are and say why? > > > > I dream things that never were and say "Why Not?" > > > > -Robert F. Kennedy > > > > > > > > ================================================= > > > > To set vacation, Out-Of-Office, or away messages, > > > > send an email to [EMAIL PROTECTED] > > > > in the BODY of the email add: > > > > set fw-1-mailinglist nomail > > > > ================================================= > > > > To unsubscribe from this mailing list, > > > > please see the instructions at > > > > http://www.checkpoint.com/services/mailing.html > > > > ================================================= > > > > If you have any questions on how to change your > > > > subscription options, email > > > > [EMAIL PROTECTED] > > > > ================================================= > > > > > > > > ================================================= > > > > To set vacation, Out-Of-Office, or away messages, > > > > send an email to [EMAIL PROTECTED] > > > > in the BODY of the email add: > > > > set fw-1-mailinglist nomail > > > > ================================================= > > > > To unsubscribe from this mailing list, > > > > please see the instructions at > > > > http://www.checkpoint.com/services/mailing.html > > > > ================================================= > > > > If you have any questions on how to change your > > > > subscription options, email > > > > [EMAIL PROTECTED] > > > > ================================================= > > > > > > > > ================================================= > > > > To set vacation, Out-Of-Office, or away messages, > > > > send an email to [EMAIL PROTECTED] > > > > in the BODY of the email add: > > > > set fw-1-mailinglist nomail > > > > ================================================= > > > > To unsubscribe from this mailing list, > > > > please see the instructions at > > > > http://www.checkpoint.com/services/mailing.html > > > > ================================================= > > > > If you have any questions on how to change your > > > > subscription options, email > > > > [EMAIL PROTECTED] > > > > ================================================= > > > > > > ================================================= > > > To set vacation, Out-Of-Office, or away messages, > > > send an email to [EMAIL PROTECTED] > > > in the BODY of the email add: > > > set fw-1-mailinglist nomail > > > ================================================= > > > To unsubscribe from this mailing list, > > > please see the instructions at > > > http://www.checkpoint.com/services/mailing.html > > > ================================================= > > > If you have any questions on how to change your > > > subscription options, email > > > [EMAIL PROTECTED] > > > ================================================= > > > > > > > > > > > -- > > Regards, > > dhananjoy > > India. > > GSM # : 091-9899602123 > > --------------------------------------------------------------- > > Registered Linux user # 375503 > > http://counter.li.org > > --------------------------------------------------------------- > > Some men see things as they are and say why? > > I dream things that never were and say "Why Not?" > > -Robert F. Kennedy > > > > ================================================= > > To set vacation, Out-Of-Office, or away messages, > > send an email to [EMAIL PROTECTED] > > in the BODY of the email add: > > set fw-1-mailinglist nomail > > ================================================= > > To unsubscribe from this mailing list, > > please see the instructions at > > http://www.checkpoint.com/services/mailing.html > > ================================================= > > If you have any questions on how to change your > > subscription options, email > > [EMAIL PROTECTED] > > ================================================= > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= >
-- Regards, dhananjoy India. GSM # : 091-9899602123 --------------------------------------------------------------- Registered Linux user # 375503 http://counter.li.org --------------------------------------------------------------- Some men see things as they are and say why? I dream things that never were and say "Why Not?" -Robert F. Kennedy ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
