Yes I do have a handful of public IPs but I would
rather to use them on the servers. I have not been
able to work around this NAT issue. If you happen to
have it worked, can you share your NAT and ipf rule
set?
Thanks


--- Christiaens Joachim <jchristi at oce dot be> wrote:
> Hmmmm,
> 
> I just put the laptop behind the m0n0 and it worked!
> 
> If you use 1:1, then you have more then one public
> ip?
> 
> Joachim
> 
> -----Original Message-----
> From: John Smith [mailto:qwik999 at yahoo dot com]
> Sent: maandag 27 oktober 2003 14:39
> To: m0n0wall at lists dot m0n0 dot ch
> Subject: RE: [m0n0wall] System requirements and
> Checkpoint Securemote
> VPN- 1
> 
> 
> Joachim
> Mind to share what you did to make softclient
> working?
> I am having problems using Nortel VPN client on the
> laptop behind the m0n0 except 1 to 1 mapping.
> Thanks
> 
> 
> --- Christiaens Joachim <jchristi at oce dot be> wrote:
> > The problem with IPSec behind "routers" is not the
> > routing or firewalling
> > mostly, but the way NAT doesn't know to which
> > internal client it needs to
> > send the replies comming from other VPN endpoint
> > (because they are
> > encrypted).
> > 
> > There are som tricks used to make it work (some
> for
> > 1 client, some for
> > more). All I know is that the watchguard client
> > doesn't work with ex.
> > Freesco or Linux pre-2.4 kernels, but it works
> very
> > well with m0n0wall.
> > 
> > As I said, I will test a tunnel between a
> watchguard
> > and a m0n0 soon, but
> > the softclient works...
> > 
> > Joachim
> > 
> > -----Original Message-----
> > From: Giorgio Catena [mailto:thechain at libero dot it]
> > Sent: zaterdag 25 oktober 2003 15:09
> > To: Christiaens Joachim
> > Subject: Re: [m0n0wall] System requirements and
> > Checkpoint Securemote
> > VPN- 1
> > 
> > 
> > Christiaens Joachim wrote:
> > > I'm not shure what you mean:
> > > 
> > > -use the Checkpoint client software on one or
> more
> > clients of you homelan
> > > like this: <company> --- tunnel --- <firewall>
> ---
> > tunnel ---
> > > <vpnclient-soft>
> > > 
> > > or
> > > -use the firewall to connect via a tunnel to
> your
> > company's network and
> > give
> > > access to your entire homelan
> > > like this: <company> --- tunnel --- <firewall>
> ---
> > <homelan>
> > > 
> > > anyway, both should be possible with m0n0wall. I
> > use the watchguard
> > (SafeNet
> > > sucuremote IPSec) client on a company laptop to
> > connect to the company's
> > > watchguard firebox 1000. This works very well!
> > > In the near future I will be testing the
> > watchguard-to-m0n0wall connection
> > > (IPSec too), so my homelan can be a part of the
> > company-lan.
> > > 
> > > I'll keep the list informed.
> > > Regards,
> > > Joachim
> > > 
> > I intend just the first scheme. My doubt is if it
> > works because speaking 
> > with the people of the floppyfw project the way
> the
> > client (with the 
> > software) bahaves now is not related (by their
> > opinion) to the router-fw 
> > I'm using. This is what they say but I'm not sure
> > and I want to try out 
> > something else. The Checkpoint VPN-1 securemote sw
> > (for the client 
> > connection) is that sort of bad beast without any
> > help or other kind of 
> > stuff and no settings except few stupid things....
> > 
> > Any help will be appreciated
> > 
> > Regards
> > 
> > 
> > 
> > -----------------------------------------------
> > MISSION STATEMENT 
> > -----------------------------------------------
> > Oce enables its customers to manage their
> documents
> > efficiently and
> > effectively by offering innovative print and
> > document management products
> > and services for professional environments.
> > 
> > -----------------------------------------------
> > DISCLAIMER 
> > -----------------------------------------------
> > This e-mail message and any attachment are
> intended
> > for the sole use of the
> > recipient(s) named above and may contain
> information
> > which is confidential
> > and/or protected by intellectual property rights.
> > Any use of the information contained herein
> > (including, but not limited to,
> > total or partial reproduction, communication or
> > distribution in any form) by
> > other persons than the designated recipient(s) is
> > prohibited.
> > 
> > If you have received this e-mail in error, please
> > notify the sender either
> > by telephone (0032-2-729.48.11) or by e-mail and
> > delete the material from
> > any computer.
> > Oce-Belgium/Oce-Interservices is nor responsible
> for
> > the correct and
> > complete transfer of the contents of the sent
> > e-mail, neither for the
> > receipt on due time.  This e-mail message does not
> > bring about a contractual
> > obligation for Oce-Belgium/Oce-Interservices.
> > 
> > Thank you for your cooperation.
> > 
> > For further information about
> > Oce-Belgium/Oce-Interservices please see our
> > website at www.oce.be
> > 
> > -----------------------------------------------
> > 
> > 
> > 
> >
>
---------------------------------------------------------------------
> > To unsubscribe, e-mail:
> > m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> > For additional commands, e-mail:
> > m0n0wall dash help at lists dot m0n0 dot ch
> > 
> 
> 
> __________________________________
> Do you Yahoo!?
> Exclusive Video Premiere - Britney Spears
> http://launch.yahoo.com/promos/britneyspears/
> 
>
---------------------------------------------------------------------
> To unsubscribe, e-mail:
> m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail:
> m0n0wall dash help at lists dot m0n0 dot ch
> 
> 
> -----------------------------------------------
> MISSION STATEMENT 
> -----------------------------------------------
> Oce enables its customers to manage their documents
> efficiently and
> effectively by offering innovative print and
> document management products
> and services for professional environments.
> 
> -----------------------------------------------
> DISCLAIMER 
> -----------------------------------------------
> 
=== message truncated ===


__________________________________
Do you Yahoo!?
Exclusive Video Premiere - Britney Spears
http://launch.yahoo.com/promos/britneyspears/