Thanks Richard & Charles for comments and links.
I should provide a bit of insight here. Dealing with technical and political issues.
(really too bad!) Office secretary doesn't get along with IT dept of company b, and
there seems to have been a real lack of cooperation although according to management
this guy (on their board of directors) is supposed to have access to their intranet.
I think that there may be a reluctance to reconfigure their firewall (as link
suggests) as the IT guy there seems so uncooperative. I did do some research and
figured that this is going to require some testing and troubleshooting, and I don't
know whether they are using encapsulated FWZ or not. Also, I am not an employee of
company a, but just do work for them so I can't be on site for any extended time. So
I will try to prepare a diskette as per instructions in links below to see if it will
work, but I also want to have a plan b. ie jump around the firewall for that one route
if that might work as well.
Still open to suggestions. Thanks,
Boyd
PS. I'll also be working on both pptp and ipsec for my own dachstein.
-----Original Message-----
From: Richard Doyle [mailto:[EMAIL PROTECTED]]
Sent: Thu 07/03/2002 7:08 PM
To: Boyd Kelly; [EMAIL PROTECTED]
Cc:
Subject: RE: [Leaf-user] Dachstein migration successful! - General routing
question.
FWIW, a quick check on google for "securemote linux nat" turned up
http://www.phoneboy.com/faq/0372.html and
http://www.phoneboy.com/faq/0141.html.
-Richard
> Got my ip aliasing/forwarding and all working on dachstein.
> Very happy
> about that. Great piece of work!
>
> Now for an interesting problem:
>
> One guy behind my leaf firewall needs a securemote (Checkpoint)
> connection to company b. He has a Win2k workstation. As I understand
> from searching the newsgroups, this isn't possible with
> Linux, although
> I would love to be corrected on that one.
>
> So I am looking for some opinions on a solution. Could I just do some
> routing magic on the win2k workstation to bypass the leaf router only
> for that securemote ip address? For something like that to work would
> the workstation need a second nic? Or can I just plug all the
> Internet/Leaf wires into the same switch, and then give computer 3 a
> default gateway of 208.x.x.1 for the address in question?
>
> Any security issues?
>
>
>
> [Internet]
> |
> eth0 208.x.x.13
> |
> LEAF Box (DF 208.x.x.1) |
> |
> eth1 192.168.1.254
> |
> -----------------------
> | |
> Computer 2 Computer 3 (needs to use
> securemote client)
> (192.168.1.2) (192.168.1.3)
>
>
> Thanks very much,
>
> Boyd
>
> _______________________________________________
> Leaf-user mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/leaf-user
>
�Þiû¬z¹šŠX§‚X¬´·š~ë�®X¬¶Ë(º·�~Šàzw†Ûi³ÿåŠËl²‹«qçè®�§zßåŠËlþX¬¶)ߣù^iû¬z
