Re: [Leaf-user] Dachstein migration successful! - General routing question.
One guy behind my leaf firewall needs a securemote (Checkpoint) connection to company b. He has a Win2k workstation. As I understand from searching the newsgroups, this isn't possible with Linux, although I would love to be corrected on that one. Sounds a lot like the securemote client is simply an IPSec implementation. There are lots of details about masquerading an IPSec connection in the list archives, and all the gory details can be found in the VPN-Masquerade-HOWTO. Charles Steinkuehler http://lrp.steinkuehler.net http://c0wz.steinkuehler.net (lrp.c0wz.com mirror) ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
Re: [Leaf-user] Dachstein migration successful!
Boyd: As Charles says, the docs on www.phoneboy.com/faq/0372.html suggest this is a lot like an IPSec connection. You may want to have a look at echoWall again, though: it supports both FW1 and IPSEC. You can enable or disable either of them, see what works. -Scott One guy behind my leaf firewall needs a securemote (Checkpoint) connection to company b. He has a Win2k workstation. As I understand from searching the newsgroups, this isn't possible with Linux, although I would love to be corrected on that one. Sounds a lot like the securemote client is simply an IPSec implementation. There are lots of details about masquerading an IPSec connection in the list archives, and all the gory details can be found in the VPN-Masquerade-HOWTO. ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
[Leaf-user] Dachstein migration successful! - General routing question.
Got my ip aliasing/forwarding and all working on dachstein. Very happy about that. Great piece of work! Now for an interesting problem: One guy behind my leaf firewall needs a securemote (Checkpoint) connection to company b. He has a Win2k workstation. As I understand from searching the newsgroups, this isn't possible with Linux, although I would love to be corrected on that one. So I am looking for some opinions on a solution. Could I just do some routing magic on the win2k workstation to bypass the leaf router only for that securemote ip address? For something like that to work would the workstation need a second nic? Or can I just plug all the Internet/Leaf wires into the same switch, and then give computer 3 a default gateway of 208.x.x.1 for the address in question? Any security issues? [Internet] | eth0 208.x.x.13 | LEAF Box (DF 208.x.x.1) | | eth1 192.168.1.254 | --- | | Computer 2Computer 3 (needs to use securemote client) (192.168.1.2) (192.168.1.3) Thanks very much, Boyd ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
RE: [Leaf-user] Dachstein migration successful! - General routing question.
FWIW, a quick check on google for securemote linux nat turned up http://www.phoneboy.com/faq/0372.html and http://www.phoneboy.com/faq/0141.html. -Richard Got my ip aliasing/forwarding and all working on dachstein. Very happy about that. Great piece of work! Now for an interesting problem: One guy behind my leaf firewall needs a securemote (Checkpoint) connection to company b. He has a Win2k workstation. As I understand from searching the newsgroups, this isn't possible with Linux, although I would love to be corrected on that one. So I am looking for some opinions on a solution. Could I just do some routing magic on the win2k workstation to bypass the leaf router only for that securemote ip address? For something like that to work would the workstation need a second nic? Or can I just plug all the Internet/Leaf wires into the same switch, and then give computer 3 a default gateway of 208.x.x.1 for the address in question? Any security issues? [Internet] | eth0 208.x.x.13 | LEAF Box (DF 208.x.x.1) | | eth1 192.168.1.254 | --- | | Computer 2Computer 3 (needs to use securemote client) (192.168.1.2) (192.168.1.3) Thanks very much, Boyd ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user