
VPN Tunnel Setup


Denda (MIS), Oct 30, 2001, US
Hi there. I have set up a tunnel between my Checkpoint NG FW & a Cisco PIX for specific FTPs. The initial tunnel config works fine, but I have a slight issue.

Since the customer has set up our tunnel to our public IP address, every time we try to access their normal website (not the FTP server), it gets rejected, because it's pulling our IP as if it should be going to the FTP tunnel...

I haven't had a chance to play with NAT a whole lot, since this firewall was set up by a consultant. I need a little direction on how to set up the internal server IP address (10.X.X.X) to show a different address once it gets out of our firewall. I hope I'm making some sense here; I think this is what needs to happen, I just don't know how to get there. My assumption is that I need an IP address that is different from the internal IP & the public IP. Can I just make this IP address up (following the basic network rules) & tell Checkpoint that int_serv03 (10.X.X.X) is seen as int_serv03_NAT (192.X.X.X) (via NAT), then have the customer at the FTP site reference the 192.X.X.X? Will that work?
 
Not too clear here.

With NAT you set up the internal address on the first page of the server object and then the NAT address on the NAT tab (you will need to use static NAT).

This should then change the IP address, when it passes through the firewall, to the IP address in the NAT tab.

It is possible to set up manual NAT rules so that you can specify which networks you want to translate between.
 
I think we are on the same page, but I'm not explaining it very well.

Our internal server's (10.X.X.X) data goes through the firewall NAT, and the firewall NAT changes the data's IP address to 63.X.X.X.

This 63.X.X.X is what all of our Internet traffic gets NATted as. Since we use 2 different avenues to access data from this customer, we need to be able to access HTTP as well as FTP. The customer is not allowing the HTTP through the tunnel with the FTP traffic. Basically their rule on their side says... 63.X.X.X is only allowed FTP to cust_ftp_server.

So now when we try to access the website (HTTP), they do not allow it; they only allow FTP traffic coming from our IP address...

I did set up a manual NAT rule to change the IP of any FTP traffic from the internal server (10.X.X.X) to 192.X.X.X for traffic only to the customer, but now the customer states they can't use that range either, since that is their internal range. What other IP address ranges can I use? I can't remember.
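As an added example, not code from this thread and not Check Point's own configuration syntax, the following Python script models the two things discussed above: the reply's static NAT (object NAT tab) plus a manual, destination-specific NAT rule, and Denda's follow-up problem of the manually chosen NAT address landing inside the customer's internal range. All addresses are constructed from the RFC 5737 documentation ranges rather than the thread's 10.X / 63.X / 192.X values; the first-match rule ordering (manual rule above the automatic static rule), the customer's tunnel policy, and the function names are assumptions modeled from the posts.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

IPv4 = ipaddress.IPv4Address
Net = ipaddress.IPv4Network

# Constructed topology using RFC 5737 documentation ranges; none of these are the
# thread's real 10.X / 63.X / 192.X addresses.
INT_SERV03 = IPv4("10.1.1.3")      # internal host behind the Check Point (int_serv03)
HIDE_ADDR = IPv4("203.0.113.10")   # the one public address all Internet traffic is NATted to
CUST_FTP = IPv4("198.51.100.21")   # customer's FTP server, reached through the tunnel
CUST_WEB = IPv4("198.51.100.80")   # customer's ordinary web site, reached over the Internet
CUST_INTERNAL = [Net("192.168.0.0/16"), Net("172.16.0.0/12")]  # ranges the customer says are theirs


@dataclass(frozen=True)
class NatRule:
    """One source-NAT rule: original source/destination/service -> translated source."""
    orig_src: Net
    orig_dst: Net
    service: Optional[str]  # None matches any service
    xlate_src: IPv4


def translate_src(rules: List[NatRule], src: IPv4, dst: IPv4, service: str) -> IPv4:
    """Apply the NAT rule base top-down, first match wins. Assumption: the manual,
    destination-specific rule sits above the automatic static rule, which is the
    ordering the poster's own manual rule relied on."""
    for rule in rules:
        if src in rule.orig_src and dst in rule.orig_dst and rule.service in (None, service):
            return rule.xlate_src
    return src  # no rule matched: leave the source untouched


def customer_decision(tunnel_domain: List[IPv4], src: IPv4, dst: IPv4, service: str) -> str:
    """Customer side as the thread describes it: a tunnel-domain address may only do FTP to
    CUST_FTP; anything else from that address is dropped; plain Internet HTTP to CUST_WEB is fine."""
    if src in tunnel_domain:
        return "accept" if (dst == CUST_FTP and service == "ftp") else "drop"
    if dst == CUST_WEB and service == "http":
        return "accept"
    return "drop"


def nat_conflicts(candidate: str) -> List[str]:
    """Return the customer ranges a candidate NAT address falls inside (must be empty)."""
    addr = IPv4(candidate)
    return [str(net) for net in CUST_INTERNAL if addr in net]


def run(rules: List[NatRule], tunnel_domain: List[IPv4]) -> Tuple[str, str]:
    """Outcome of an FTP session to CUST_FTP and an HTTP request to CUST_WEB, as the customer sees them."""
    ftp_src = translate_src(rules, INT_SERV03, CUST_FTP, "ftp")
    http_src = translate_src(rules, INT_SERV03, CUST_WEB, "http")
    return (customer_decision(tunnel_domain, ftp_src, CUST_FTP, "ftp"),
            customer_decision(tunnel_domain, http_src, CUST_WEB, "http"))


def before_fix() -> Tuple[str, str]:
    """Only the automatic static NAT: everything leaves as HIDE_ADDR, which is also the tunnel peer."""
    rules = [NatRule(Net(f"{INT_SERV03}/32"), Net("0.0.0.0/0"), None, HIDE_ADDR)]
    return run(rules, tunnel_domain=[HIDE_ADDR])


def after_fix(nat_addr: str) -> Tuple[str, str]:
    """Manual rule: FTP to CUST_FTP only leaves as nat_addr (assumed to be a second address we own),
    so the customer's tunnel domain is nat_addr and HTTP from HIDE_ADDR is ordinary Internet traffic."""
    conflicts = nat_conflicts(nat_addr)
    if conflicts:
        raise ValueError(f"{nat_addr} is inside the customer's own range(s) {conflicts}; pick another")
    xlate = IPv4(nat_addr)
    rules = [
        NatRule(Net(f"{INT_SERV03}/32"), Net(f"{CUST_FTP}/32"), "ftp", xlate),  # manual, most specific
        NatRule(Net(f"{INT_SERV03}/32"), Net("0.0.0.0/0"), None, HIDE_ADDR),   # automatic static NAT
    ]
    return run(rules, tunnel_domain=[xlate])


if __name__ == "__main__":
    print("before:", before_fix())                # ('accept', 'drop')
    print("after :", after_fix("203.0.113.40"))   # ('accept', 'accept')
    print("192.168.5.5 conflicts with:", nat_conflicts("192.168.5.5"))
```

Running it shows the failure mode in the posts (FTP accepted, HTTP dropped, because the hide address is also the tunnel peer) and the effect of a manual rule that translates only FTP to the customer's FTP server to a separate address. The `nat_conflicts` check is the place to list every range the peer already uses, including anything in their encryption domain, before committing to a translated address; the address also has to be one your own side actually owns and routes, which this model assumes rather than verifies.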
 