Seems like it's been a long time since CyberGuard, but when Secure Computing took over, I lost my favorite rules. McAfee has brought back the passport authentication, but it still lacks some of the functionality I used to have.
When my firm was smaller (the old days), I had a rule on the firewall that allowed my users to log in to the passport site and enable a rule for them. The rule allowed <their IP address> to access some service.
Now that my firm is much larger, I've run into a problem where our external techs need to VPN out to our clients. I need to predefine their host address, and a public IP for NAT so an IPsec VPN can connect with the outside world.
Which pretty much restricts my public IP to an internal user, even when they are not in our building (what a waste).
In the past, I had a passport rule to NAT their passport-IP address to a pool of public IPs. The NAT only used a public IP while someone was logged in, then released it when they were done with their VPN session.
Does anyone know how I can get 100 users to VPN out without tying up valuable public IP addresses?
There may only be 20 users in house at any 1 time...
Re: passport ... longing for the old cyberguard days.
You might be able to configure your VPN to use NAT-T and pass the ESP traffic via UDP 4500. That would allow you to pass them all through a single IP address. Your VPN would need to have this option available though.
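Why the NAT-T suggestion above removes the need for one public IP per user, as an added example that is not part of the original posts: native ESP (IP protocol 50) has no port numbers for a NAT to multiplex on, while ESP wrapped in UDP 4500 does. The sketch classifies UDP 4500 payloads using the RFC 3948 framing and maps 100 constructed inside hosts onto a single public address; the `PortNat` class, the addresses and the SPI values are illustrative assumptions, not any firewall's actual behaviour.

```python
import struct

NAT_T_PORT = 4500  # UDP port used for IKE and ESP when NAT-T is active


def classify_natt_payload(payload: bytes) -> str:
    """Classify a UDP/4500 payload using the RFC 3948 framing rules."""
    if payload == b"\xff":
        return "keepalive"      # one-byte NAT keepalive
    if len(payload) >= 4 and payload[:4] == b"\x00\x00\x00\x00":
        return "ike"            # four zero bytes (non-ESP marker) precede IKE
    if len(payload) >= 8:
        return "esp"            # otherwise the first 4 bytes are a non-zero SPI
    return "invalid"


class PortNat:
    """Minimal port-address translation onto one public IP (illustrative)."""

    def __init__(self, public_ip: str, first_port: int = 20000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.table = {}         # (inside_ip, inside_port) -> public source port

    def translate(self, inside_ip: str, inside_port: int):
        key = (inside_ip, inside_port)
        if key not in self.table:
            self.table[key] = self.next_port
            self.next_port += 1
        return self.public_ip, self.table[key]


def simulate(users: int = 100):
    """Send one UDP-encapsulated ESP packet per user through a single-IP NAT."""
    nat = PortNat("203.0.113.10")            # constructed documentation address
    flows, kinds = set(), set()
    for i in range(users):
        inside_ip = f"10.0.{i // 250}.{i % 250 + 1}"   # constructed inside hosts
        # Constructed ESP packet: SPI, sequence number, dummy ciphertext.
        esp = struct.pack("!II", 0x1000 + i, 1) + b"\x00" * 16
        kinds.add(classify_natt_payload(esp))
        flows.add(nat.translate(inside_ip, NAT_T_PORT))
    return flows, kinds


if __name__ == "__main__":
    flows, kinds = simulate(100)
    print(len(flows), "tunnels share", {ip for ip, _ in flows}, "payloads:", kinds)
```

Each tunnel is told apart by its translated UDP source port, so the public address stays shared no matter how many users are connected at once.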