I have 2 VPN 2005. I need to put the concentrators on a DMZ LAN protected by a Checkpoint firewall that does NAT.
I assigned an IP address for each VPN device on the private LAN, and none for the public. Because Checkpoint does NAT for the VPN concentrators, I cannot use the public interface; it's useless.
I would like to know if it's possible to use only one interface to create a LAN-to-LAN network between us and our customers (IPsec + NAT), or if I need to set up the public interface, give it a different network than the DMZ, and let Checkpoint do 1:1 NAT with this public interface.
I need advice. Thx.