[ previous ] [ next ] [ threads ]
 From:  Christiaens Joachim <jchristi at oce dot be>
 To:  "'Giorgio Catena'" <thechain at libero dot it>, m0n0wall at lists dot m0n0 dot ch
 Subject:  RE: [m0n0wall] System requirements and Checkpoint Securemote VPN- 1
 Date:  Mon, 27 Oct 2003 11:18:15 +0100
The problem with IPSec behind "routers" is not the routing or firewalling
mostly, but the way NAT doesn't know to which internal client it needs to
send the replies comming from other VPN endpoint (because they are

There are som tricks used to make it work (some for 1 client, some for
more). All I know is that the watchguard client doesn't work with ex.
Freesco or Linux pre-2.4 kernels, but it works very well with m0n0wall.

As I said, I will test a tunnel between a watchguard and a m0n0 soon, but
the softclient works...


-----Original Message-----
From: Giorgio Catena [mailto:thechain at libero dot it]
Sent: zaterdag 25 oktober 2003 15:09
To: Christiaens Joachim
Subject: Re: [m0n0wall] System requirements and Checkpoint Securemote
VPN- 1

Christiaens Joachim wrote:
> I'm not shure what you mean:
> -use the Checkpoint client software on one or more clients of you homelan
> like this: <company> --- tunnel --- <firewall> --- tunnel ---
> <vpnclient-soft>
> or
> -use the firewall to connect via a tunnel to your company's network and
> access to your entire homelan
> like this: <company> --- tunnel --- <firewall> --- <homelan>
> anyway, both should be possible with m0n0wall. I use the watchguard
> sucuremote IPSec) client on a company laptop to connect to the company's
> watchguard firebox 1000. This works very well!
> In the near future I will be testing the watchguard-to-m0n0wall connection
> (IPSec too), so my homelan can be a part of the company-lan.
> I'll keep the list informed.
> Regards,
> Joachim
I intend just the first scheme. My doubt is if it works because speaking 
with the people of the floppyfw project the way the client (with the 
software) bahaves now is not related (by their opinion) to the router-fw 
I'm using. This is what they say but I'm not sure and I want to try out 
something else. The Checkpoint VPN-1 securemote sw (for the client 
connection) is that sort of bad beast without any help or other kind of 
stuff and no settings except few stupid things....

Any help will be appreciated


Oce enables its customers to manage their documents efficiently and
effectively by offering innovative print and document management products
and services for professional environments.

This e-mail message and any attachment are intended for the sole use of the
recipient(s) named above and may contain information which is confidential
and/or protected by intellectual property rights.
Any use of the information contained herein (including, but not limited to,
total or partial reproduction, communication or distribution in any form) by
other persons than the designated recipient(s) is prohibited.

If you have received this e-mail in error, please notify the sender either
by telephone (0032-2-729.48.11) or by e-mail and delete the material from
any computer.
Oce-Belgium/Oce-Interservices is nor responsible for the correct and
complete transfer of the contents of the sent e-mail, neither for the
receipt on due time.  This e-mail message does not bring about a contractual
obligation for Oce-Belgium/Oce-Interservices.

Thank you for your cooperation.

For further information about Oce-Belgium/Oce-Interservices please see our
website at www.oce.be