Yes but both SecureClient and SSL Network Extender is extra money to Checkpoint.
The question is "Is it possible to do it without any additional investment?" -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of fwguru Sent: Wednesday, September 07, 2005 4:44 AM To: [email protected] Subject: Re: [FW-1] Fwd: [FW-1] VPN Problem Office Mode with SecureClient or SSL Network Extender is the way to go. Use an IP range like 1.123.231.0 <http://1.123.231.0> / 24 or 7.8.9.0<http://7.8.9.0>/ 24 for your Office Mode pool. Doesn't matter what you use, just don't use any RFC 1918 address space. Routing won't be an issue. Neil Delacruz On 9/5/05, <No Fru> <[EMAIL PROTECTED]> wrote: > > dear ilia, > please have a look to sk30402. > > i have only a printed version - you need an enterprise support.... > --------------------------------------------------------------- > SecureClient users fail to connect with hotel IP address that exists on > internal LAN > Symptoms: > ·Failure to connect with SecureClient to a firewall when on a network with > a > private IP range that is also in the VPN Domain. > ·ID: sk30402 ·Product: SecuRemote/SecureClient ·Version: NG AI > ·Type: Issues ·Access: Advanced > --------------------------------------------------------------- > the solution: > 1) open policy > global properties > remote access > 2) vpn advanced... change from static(=default) to dynamic resolving > 3) firewall-vpn objekt > vpn advanced > dynamic interface resolving > > "enable dynamic resolution for securemote/secureclient" > 4) install policy > 5) secureclient users must update site > > after this, the client resolve the interface with an rdp mechanism before > connecting or choosing the address of the interface to which they wish to > connect. this occurs by sending an rdp packet to determine if the address > is > reachable. > --------------------------------------------------------------- > > best regards, > > --- Weitergeleitete Nachricht --- > Von: Ilia Shapira <[EMAIL PROTECTED]> > An: [email protected] > Betreff: [FW-1] VPN Problem > Datum: Sun, 4 Sep 2005 08:15:55 +0200 > > I have a little problem with VPN and I wonder if anyone has a solution > for it. > > > > My Firewall has a real IP address and all the computers behind it have > NAT addresses 10.1.1.X > > Usually when a user connects to the firewall via VPN he can access the > internal servers without any problem, but > > there is a problem when a user connect from another NAT network that > also have IPs that starts with 10.X.X.X > > In this case he connects to the firewall but after this when he tries to > connect to some internal network servers he can't because his PC > "thinks" > > that this IP is in the network he connects from. > > > > Of course there is an option to change all our internal IPs to some > another scope, but I really prefer not to do it. > > Is there some other solution for this problem? > > > > Thanks > > > > > <http://111775.sigclick.mailinfo.com/sigclick/01000805/05044901/02064500 > /20192215.jpg> > Make sure YOUR emails don't get lost! Download Mailinfo here > <http://www.mailinfo.com/web/?uid=111775> > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > > > -- > carpe diem - nutze den tag > > 5 GB Mailbox, 50 FreeSMS http://www.gmx.net/de/go/promail > +++ GMX - die erste Adresse für Mail, Message, More +++ > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= <http://111775.sigclick.mailinfo.com/sigclick/00000006/03074801/06024D03/21111424.jpg> Make sure YOUR emails don't get lost! Download Mailinfo here <http://www.mailinfo.com/web/?uid=111775> ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
