RE: CVPN 3005 VPN to Firewall-1

From: George Lampron (glampron@machinelogic.com)
Date: Wed Sep 11 2002 - 01:04:30 GMT-3


Yes,
You get the 3030 to assign addresses from a pool for the internal network.
NAT is a firewall function. You don't want the 3030 to connect public
addresses on the inside of your network.

If you tunnel between a FW1 and a 3030 you need to have different network
addresses on each network so that traffic knows to route through the tunnel,
e.g. 172.x.x.x on one network, 192.x.x.x on the other.

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
certstudy
Sent: Tuesday, September 10, 2002 5:34 PM
To: Peter Wodle; security@groupstudy.com
Cc: ccielab@groupstudy.com
Subject: Re: CVPN 3005 VPN to Firewall-1

Interesting -- I have a similar situation with a 3030 to FW1. I think that
the 3000s can do NAT but only for the local inside subnet. At least that
is the best I can figure out. In other words, if I want to make the 3030 the
next hop for all traffic destined for the 3030/FW1 tunnel for all of my
subnets, the 3030 will not NAT them. If I try to just send traffic from the
inside subnet via the same path with NAT, it works.

If anybody has a different experience, I'd sure appreciate the help.

tks
----- Original Message -----
From: "Peter Wodle" <peter_wodle@hotmail.com>
To: <security@groupstudy.com>
Cc: <ccielab@groupstudy.com>
Sent: Tuesday, September 10, 2002 10:21 AM
Subject: CVPN 3005 VPN to Firewall-1

> When doing a VPN between CVPN 3005 to Firewall-1, is it possible to do
> NAT/PAT on the CVPN3005 such that FW-1 only sees NATed address/addresses?
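
The addressing requirement in the first reply (different network addresses on each side so that traffic routes through the tunnel) can be checked before the tunnel is configured. This is an added example, not part of the original thread; the subnets are constructed and the function names are hypothetical.

```python
import ipaddress

# Constructed address plans for the two tunnel endpoints (not from the thread).
GOOD_3030 = ["172.16.0.0/16"]
GOOD_FW1 = ["192.168.10.0/24"]
BAD_3030 = ["10.0.0.0/8", "172.16.0.0/16"]      # 10.0.0.0/8 swallows the FW-1 side
BAD_FW1 = ["10.1.2.0/24", "192.168.10.0/24"]

def parse(nets):
    # strict=True rejects entries with host bits set, e.g. 172.16.1.1/16
    return [ipaddress.ip_network(n, strict=True) for n in nets]

def overlapping_pairs(side_a, side_b):
    """Return every (a, b) pair of networks whose address ranges overlap."""
    return [(str(a), str(b)) for a in parse(side_a) for b in parse(side_b)
            if a.version == b.version and a.overlaps(b)]

def path_for(dst, local_nets, remote_nets):
    """Classify a destination as seen by a host on the local side."""
    ip = ipaddress.ip_address(dst)
    is_local = any(ip in n for n in parse(local_nets))
    is_remote = any(ip in n for n in parse(remote_nets))
    if is_local and is_remote:
        return "ambiguous"   # same address exists on both sides of the tunnel
    if is_remote:
        return "tunnel"      # belongs to the peer's network, send via the tunnel
    if is_local:
        return "local"       # stays on the inside network
    return "outside"         # neither side; not tunnel traffic

if __name__ == "__main__":
    for name, a, b in (("good", GOOD_3030, GOOD_FW1), ("bad", BAD_3030, BAD_FW1)):
        print(name, "overlaps:", overlapping_pairs(a, b))
        for dst in ("172.16.4.9", "192.168.10.7", "10.1.2.50"):
            print("  ", dst, "->", path_for(dst, a, b))
```

Containment counts as overlap here: a small remote subnet inside a large local one is the case most easily missed when comparing address plans by eye.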



This archive was generated by hypermail 2.1.4 : Mon Oct 07 2002 - 07:43:48 GMT-3