VPN 3005

Unanswered Question
Apr 2nd, 2007


I have 2 VPN 2005. I need to put the concentrators an a DMZ lan protected by a checkpoint firewall that do nat.

I issigned ip address foreach vpn device on private lan, and none for public. Because checkpoint do nat for vpn concentrators, i cannot use public interface, it's useless.

I would like to know if it's possible to use only one interface to create lan-to-lan network between us and our customers (ipsec + nat) or i need to setup public interface, give to it a different network than dmz, and let checkpoint do 1:1 nat with this public interface.

I need advices. Thx.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
didyap Fri, 04/06/2007 - 06:27

I think it is possible to do NAT and IPSec on same interface. I will prefer doing it on same interface rather than doing IPsec on concentrator and NAT on checkpoint.


This Discussion