hi, At 13:13 17.09.2002 +0900, you wrote: >Hello All, > >I have a question regarding VPN.
[...] >Please notice that a Valid IP address for Webserver(210.x.x.10) is NOT being >included in the encryption domain behind FireWall-1,but just a private IP >address(172.16.0.3/16). >Some users from Internet tries to connect to the above WebServer with VPN. >In this case, do I need to include Nated IP address into >an encryption domain behind FireWall-1 ? this depends on you dns-settings. you can access you webserver encrypted using the private IP 172.16.0.3 or unencrypted using 210.x.x.10 if the external IP is not in the encryption-domain. so you have to be sure DNS on these clients resolves to the private IP. but you can also include the external IP 210.x.x.10 to the encryption-domain. cheers reinhard -- Reinhard Stich, ASSIST [EMAIL PROTECTED] Internet Security AG, 1190 Wien, Nussdorfer Laende 29-33 Tel: +43 1 370 94 40 RS784-RIPE Fax: +43 1 370 94 40-10 ================================================= To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
