----- Original Message -----
Sent: Monday, January 06, 2003 7:01 AM
Subject: Re: [FW-1] Question about Securemote client configuration
Okay, so the first rule to allow authentication from his public IP - I'm not sure how I should set that up.

Right now, I have the following 2 rules:

Source: ANY - Dest: MYFIREWALL - Service: VPN1_IPSEC, FW1, FW1_key, FW1_TOPO, IPSEC - ACCEPT

Should I be putting the user's public IP in the above rule? If so, how and where? I have about 4 VPN users. Some of these have static IPs, while some have dynamic.

Source: USER@SOURCEIP (This will be the user's private IP?) - Dest: MYSERVER - Service: MYSERVICE - ACCEPT

Thanks for your help.

Rakhi
-----Original Message-----
From: Russell Washington [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 03, 2003 3:49 PM
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] Question about Securemote client configuration
Ditto that... that's the whole point of a VPN, to connect two behind-the-gateway networks. Sounds like standard issue behavior to me.
---
Russell Washington, CCSE, CCSA, NCSA
Too many doggoned letters after my name.../
----- Original Message -----
From: "Hal Dorsman" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, January 03, 2003 11:18 AM
Subject: Re: [FW-1] Question about Securemote client configuration
Because that's the way the vpn works. It creates a virtual tunnel from his private network to yours.
Create a rule allowing authentication from his public IP, then another rule allowing desired traffic from his private network to yours.
Hal

Hal Dorsman
Network Administrator
Rocky Mountain Elk Foundation
Missoula, Montana USA
[EMAIL PROTECTED]
(406)523-4576
> -----Original Message-----
> From: RBHATIA [mailto:[EMAIL PROTECTED]]
> Sent: Friday, January 03, 2003 11:33 AM
> To: [EMAIL PROTECTED]
> Subject: [FW-1] Question about Securemote client configuration
>
>
> I'm running VPN-1 on my firewall - I would like to restrict a particular VPN
> user to a specific source IP. The user is on a DSL connection using a
> private addressing scheme - 10.10.10.x /24 while our private addressing
> scheme is 10.0.0.x /24.
> I created a rule that would allow the user access from the source (public)
> IP that his ISP gives him when he connects to the Internet (let's say
> 24.1.1.1) e.g. Source: [EMAIL PROTECTED] - Dest: Myserver - Service: Any -
> Client Encrypt
> When the user authenticates with Securemote, it all goes through fine. The
> problem occurs when the user tries to connect to the server - the source IP
> I see in the log is his private IP address rather than his public IP and
> therefore the packet gets dropped. Why is it that I can see his private IP
> instead of his public IP? And how do I tweak my rule so that the user's
> VPN account is bound to his source IP? Should I be using his private IP as
> the Source IP?
=================================================
To set vacation, Out Of Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================