Office Mode and Vmware machines with local IP addresses

Hi everyone,
I have an unusual setup in one of our branch offices, and I
can't figure out
whether Check Point's VPN gateway will work for me.

The entire office is NAT'ed behind a local Linux Firewall
right now (
192.168.x.x).
There are multiple servers internally that all have local IP
address (
192.168.x.x).

Engineers that work in this office have laptops with local
addresses, at
home they either use the same addresses, or wireless
(non-conflicting
addresses).

Each engineer has Vmware machines on their laptops, all of
which also have
addresses in the local range (192.168.x.x) so that when
they're in the
office, everything works well.

What I want to happen - I'd like to use SecureClient on the
laptops, and
have the engineers connect from home (VPN) to the Firewall,
and then use
their VMware machines to access internal resources (like CVS
servers, FTP
servers, etc). I want to avoid forcing the engineers to
change networks in
their VMware machines every time they come home...

My questions:
1. Does Office Mode support this configuration? Will I need
some more
tweaking with the local IP ranges?
2. If the answer to (1) is yes - what is the
"smallest" Check Point VPN
device that will support this? (Sofaware, VPN-1 edge, or
full blown VPN-1?)
3. If the answer to (1) is no - what should I change on this
LAN in order to
make it work both in and out of the office with the VMware
machines, with
Office Mode?
Thanks in advance...
Yossi
<FW-1-MAILINGLISTAMADEUS.US.CHECKPOINT.COM>

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERVamadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http:
//www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ownerts.checkpoint.com
=================================================

Thanks for all the replies, I've managed to get NAT working
on the VMware's,
this definitely simplifies things (I hope it won't be too
difficult to
implement).

My one remaining question is on product selection / pricing:
-Can I buy a self-managed VPN-1 edge with Office Mode,
without a
SmartCenter?
-If not, what's my "cheapest" alternative?

Thanks,
Yossi


On 11/29/06, Jaja Banks <yossilevi22gmail.com> wrote:
>
> Hi everyone,
> I have an unusual setup in one of our branch offices,
and I can't figure
> out whether Check Point's VPN gateway will work for me.
>
> The entire office is NAT'ed behind a local Linux
Firewall right now (
> 192.168.x.x).
> There are multiple servers internally that all have
local IP address (
> 192.168.x.x).
>
> Engineers that work in this office have laptops with
local addresses, at
> home they either use the same addresses, or wireless
(non-conflicting
> addresses).
>
> Each engineer has Vmware machines on their laptops, all
of which also have
> addresses in the local range (192.168.x.x) so that when
they're in the
> office, everything works well.
>
> What I want to happen - I'd like to use SecureClient on
the laptops, and
> have the engineers connect from home (VPN) to the
Firewall, and then use
> their VMware machines to access internal resources
(like CVS servers, FTP
> servers, etc). I want to avoid forcing the engineers to
change networks in
> their VMware machines every time they come home...
>
> My questions:
> 1. Does Office Mode support this configuration? Will I
need some more
> tweaking with the local IP ranges?
> 2. If the answer to (1) is yes - what is the
"smallest" Check Point VPN
> device that will support this? (Sofaware, VPN-1 edge,
or full blown VPN-1?)
> 3. If the answer to (1) is no - what should I change on
this LAN in order
> to make it work both in and out of the office with the
VMware machines, with
> Office Mode?
> Thanks in advance...
> Yossi
> <FW-1-MAILINGLISTAMADEUS.US.CHECKPOINT.COM>

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERVamadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http:
//www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ownerts.checkpoint.com
=================================================

Yes. You can do OM on a self managed edge device. You can
set this under
/network/my network

-GS

-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLISTAMADEUS.US.CHECKPOINT.COM]
On Behalf Of Jaja
Banks
Sent: Thursday, November 30, 2006 3:16 PM
To: FW-1-MAILINGLISTAMADEUS.US.CHECKPOINT.COM
Subject: Re: [FW-1] Office Mode and Vmware machines with
local IP
addresses

Thanks for all the replies, I've managed to get NAT working
on the
VMware's,
this definitely simplifies things (I hope it won't be too
difficult to
implement).

My one remaining question is on product selection / pricing:
-Can I buy a self-managed VPN-1 edge with Office Mode,
without a
SmartCenter?
-If not, what's my "cheapest" alternative?

Thanks,
Yossi


On 11/29/06, Jaja Banks <yossilevi22gmail.com> wrote:
>
> Hi everyone,
> I have an unusual setup in one of our branch offices,
and I can't
figure
> out whether Check Point's VPN gateway will work for me.
>
> The entire office is NAT'ed behind a local Linux
Firewall right now (
> 192.168.x.x).
> There are multiple servers internally that all have
local IP address (
> 192.168.x.x).
>
> Engineers that work in this office have laptops with
local addresses,
at
> home they either use the same addresses, or wireless
(non-conflicting
> addresses).
>
> Each engineer has Vmware machines on their laptops, all
of which also
have
> addresses in the local range (192.168.x.x) so that when
they're in the
> office, everything works well.
>
> What I want to happen - I'd like to use SecureClient on
the laptops,
and
> have the engineers connect from home (VPN) to the
Firewall, and then
use
> their VMware machines to access internal resources
(like CVS servers,
FTP
> servers, etc). I want to avoid forcing the engineers to
change
networks in
> their VMware machines every time they come home...
>
> My questions:
> 1. Does Office Mode support this configuration? Will I
need some more
> tweaking with the local IP ranges?
> 2. If the answer to (1) is yes - what is the
"smallest" Check Point
VPN
> device that will support this? (Sofaware, VPN-1 edge,
or full blown
VPN-1?)
> 3. If the answer to (1) is no - what should I change on
this LAN in
order
> to make it work both in and out of the office with the
VMware
machines, with
> Office Mode?
> Thanks in advance...
> Yossi
> <FW-1-MAILINGLISTAMADEUS.US.CHECKPOINT.COM>

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERVamadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http:
//www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ownerts.checkpoint.com
=================================================

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERVamadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http:
//www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ownerts.checkpoint.com
=================================================