Nice one, thanks:
I'll build a small lab in order to test this.
For RRAS, I think it's on the list of supported stuffs for Checkpoint FW-1
4.0
But maybe they meant it's compatible in term of tcp/ip service and not for
the interface itself on the gateway.
Anyway, a test is necessary now.
Another solution, I foresee to test, is to have a very simple gateway using
Winroute and to use Securemote on each stations in IKE. (Will not work in
FWZ but should in IKE, according to what I've read)
Thanks.
----------------- FROM : ---------------
Michel Toussaint,MCSE
System Administrator
Eonic Systems NV
Mailto:[EMAIL PROTECTED]
Vcard http://www.eonic.com/vcards/mto.vcf
- From Deep Space To Deep Sea -
Web site: http://www.eonic.com
-----------------------------------------
-----Original Message-----
From: Roy Hills [mailto:[EMAIL PROTECTED]]
Sent: Friday, June 02, 2000 7:31 PM
To: Michel Toussaint; Fw-1-Mailinglist (E-mail)
Subject: Re: [FW1] Dialup internet connection, can FW-1 do it ??? not
sure
For the license, just use the Firewall's internal LAN IP address which
will be fixed.
For the NAT behind a dynamic IP address, you _should_ be able to
use "0.0.0.0" as the NAT hiding address which means "use whatever
address the outbound interface has". However, I've not personally tried
this.
However, I think you'll come up against another problem if you're
planning to use NT as the Firewall OS and you'll be dialling out directly
from the Firewall using Microsoft dial-up networking.
I've found that with normal RAS, Firewall-1 will recognise and use the
dial-up adapters, but normal RAS doesn't support routing from the LAN
connection to the WAN connection. By contrast, "routing and RAS" or RRAS
aka "steelhead" does support routing between LAN and WAN but wasn't
recognised by Firewall-1 when I last tried it (fw-1 v4.0 SP2 I think).
Regards,
Roy Hills
NTA Monitor Ltd
At 18:35 02/06/00 +0200, Michel Toussaint wrote:
>Problem:
>A small network has to be connected by dial-up to the internet. I know that
>cheaper product like Winroute are able to do hide nat for a dialup
>connection but can Checkpoint, a so expensive product, do it ????
>
>PC1 PC2 PC3
> | | |
>-----------------------
> | |
> PCx FW1
> |
> |
> Dial-up
> |
> {Internet}
>
>I see two major issues: The license and the NAT to an floating IP.
>Second problem, how to connect this to a IKE VPN (Fixed IP on the other
>side(s)) without issing PPTP.
>
>Any help appreciated.
>
>Thanks
>
>----------------- FROM : ---------------
>Michel Toussaint,MCSE
>System Administrator
>Eonic Systems NV
>Mailto:[EMAIL PROTECTED]
>Vcard http://www.eonic.com/vcards/mto.vcf
>- From Deep Space To Deep Sea -
>Web site: http://www.eonic.com
>-----------------------------------------
>
>
>===========================================================================
>=====
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
>===========================================================================
>=====
--
Roy Hills Tel: +44 1634 721855
NTA Monitor Ltd FAX: +44 1634 721844
14 Ashford House, Beaufort Court,
Medway City Estate, Email:
[EMAIL PROTECTED]
Rochester, Kent ME2 4FA, UK WWW:
http://www.nta-monitor.com/
============================================================================
====
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
============================================================================
====
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
