You
can create VPN between W2K and FW-1 using IPSec with pre-shared
secrets.
There's no need for additional
software/hardware.
Then
you can use W2K box as a NAT/proxy for your internal LAN.
However there's several caveats:
1. You
need static IP address for your W2K box
2. You
have to turn off certificates on your W2K - here's the info
how to
do that - http://support.microsoft.com/support/kb/articles/Q240/2/62.ASP
Regards,
Eugene
Eugene Nesterenko, CCIE #5283, CCNP+Security,
CCDP, CCSE, MCSE
Principal Consultant
Gobosh, Inc.
------->www.gobosh.cc
[EMAIL PROTECTED]
direct: (408) 273-7714
fax: (408) 327-9810
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, April 24, 2001 12:22 AM
To: David E. Hoobler Jr.
Cc: FW-1 Mailing List (E-Mail); [EMAIL PROTECTED]
Subject: Re: [FW1] VPN products compatible with Firewall-1
Hi,
I have worked with the same scenario. I used Sonicwalls at the remote users and configured a VPN between the Sonicwall and Checkpoint FW-1.
( ftp://ftp.sonicwall.com/pub/info/IKE%20-%20CheckPoint%20Interop%20with%20SonicWALL.pdf )
A 5 user Sonicwall with VPN cost about 1000 $
Christian H. Jensen
..................................................................................
eSec A/S - Managed Security
http://www.esec.dk
Telefon: +45 7020 5585
Direkte: +45 4450 2073
Mobil: +45 20192510
..................................................................................
"David E. Hoobler Jr." <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]23-04-2001 21:58
To: "FW-1 Mailing List (E-Mail)" <[EMAIL PROTECTED]>
cc:
Subject: [FW1] VPN products compatible with Firewall-1
I am running Checkpoint Firewall-1 VPN Gateway 250 version 4.1 SP3 at the
office. I would like to set up a VPN from home. I can and have done so
with SecureClient from a single computer with a public IP address.
I have a network at home and would like to access the office network using
multiple computers with private (RFC1918) IP addresses. I understand that
SecureClient can be configured to use a private IP address, but you are
limited to a single machine behind the NAT device. I would like to have
multiple machines behind the NAT device be part of the VPN.
The obvious thing to do is to use a minimum version of Checkpoint at home.
I looked into that and found the cost to be prohibitive. Are there any
other products out there that can remotely interface with Checkpoint's VPN?
My first choice would be a Linux based firewall.
Thanks,
David Hoobler
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
