OK.

But how can I separate the server object into two network objects if by
default the NAT'd address is automatically translated back to the true IP
address, which is still a member of the VPN group? And as such, should
request VPN (SecuRemote) authentication?

Mike

> -----Original Message-----
> From: Simon Guo [SMTP:[EMAIL PROTECTED]]
> Sent: a eaie 19 2000 15:25
> To:   'Mike Glassman - Admin'
> Subject:      RE: [FW1] VPN & NAT access on same server
> 
> You can separate VPN/NON_VPN by User_group/network_object on the source
> fields so they follow different rules.
> 
> -----Original Message-----
> From: Mike Glassman - Admin [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, July 19, 2000 10:10 AM
> To: 'fw-1 listserv'; 'fw-gnac list'
> Subject: [FW1] VPN & NAT access on same server
> 
> 
> 
> All,
> 
> We have a specific scenario here where I am asked to allow access to a
> server (or servers), where some clients will have to use the SecuRemote
> (VPN) client, and some won't.
> 
> Now as far as I understand it, once I have defined a server in the
> secured-servers list for access via the VPN, I will not be able to have a
> different access to the same server's NAT address, since the NAT address
> resolves to the internal address, which then requires that I have the VPN
> client.
> 
> The reasoning behind this is as follows :
> 
> We have certain clients, who are not part of our organisation, but who need
> access to certain systems/software on our internal servers.
> 
> At the same time, we have clients who are a part of our organisation, who
> also need this access, but who we don't want to have the VPN client
> installed.
> 
> As well as this, we have some systems which are accessible only through the
> firewall, even to clients on our internal network, on which we cannot
> install the VPN client for various reasons, and now we are required to allow
> external clients access to this system as well, but only over a secured
> (VPN) link (military site).
> 
> Anyone have any insight as to whether I can double up like this? As in,
> allow access to the same system to users with VPN, and users without? And
> if so, how.
> 
> Thanks,
> 
> Mike Glassman
> System & Security Admin
> Israeli Airports Authority
> Ben-Gurion Airport
> http://www.ben-gurion-airport.co.il
> 
> Tel : 972-3-9710785
> Fax : 972-3-9710939
> Email : [EMAIL PROTECTED]
> 
> Usage of this email address or any email address at iaa.gov.il for the
> purpose of sales pitches, SPAM or any other such unwanted garbage, is
> illegal, and any person, whether corporate or alone doing so, will be
> prosecuted to the fullest possible extent.
> 
> 
> 
> 
> 
> 


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================
