[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Question about the whole SecuRemote/NAT Issue



That's the funny thing.  We are a 100% SP2 shop (firewalls, enterprise mgt consoles, SR, etc.)......  I was still under the impression, that even with SP2, a few of these changes were needed.  None of it was done before I did it.
 
Is it possible that the upgrade and a fresh SP2 install yield different configs (i.e. objects.C files)?
 
Any other suggestions for trouble shooting SecuRemote problems?
 
Thanks!
 
Jarrett
-----Original Message-----
From: Frank Darden [mailto:[email protected]]
Sent: Tuesday, September 05, 2000 19:46
To: 'Jarrett Goetz'; '[email protected]'
Subject: RE: [FW1] Question about the whole SecuRemote/NAT Issue

It is much more effective and easy to upgrade to 4.1 SP2, and SecureClient 4165. This configuration allows SecuRemote to operate behind a NAT device.
 
Frank
-----Original Message-----
From: Jarrett Goetz [mailto:[email protected]]
Sent: Tuesday, September 05, 2000 2:43 PM
To: '[email protected]'
Subject: [FW1] Question about the whole SecuRemote/NAT Issue
Importance: High

I have a quick question about a solution I have been reading in many places in relation to the dreaded and aggravating SecuRemote and NAT issue that many people are having.  In the following Phoneboy FAQ [http://www.phoneboy.com/fw1/faq/0141.htm], it talks about the :userc_NAT (true), :user_IKE_NAT (true), and for SecurRemote the :force_udp_encapsulation (true) variables.  These are very straightforward.  Then there is the other thing it says to add:
 
:isakmp.udpencapsulation (
        :resource (
                            :type (refobj)
                              :refname
                                           ("#_VPN1_IPSEC_encapsulation")
               )
                :active (true)
)
 
I have read in many places that it says to add it to the "gateway section" of the objects.C.  Would this mean the firewall object itself?  Or should it go somewhere else?
 
Can someone please tell me exactly where this should go?
 
Thanks all for your time.
 
Jarrett