
RE: [FW1] VPN-1 SecuRemote Question



ICMP is not stateful unless enabled within the Properties menu. I'm assuming
you do not have it enabled there which is why you need an explicit rule to
allow the echo-reply back, basically FW sees an echo-reply as a net new
connection. All TCP and UDP protocols have state (assuming you've enabled
UDP replies in properties) so they don't require explicit rules for the
return communication path.

Hope that helps.
Cheers!
Chris

-----Original Message-----
From: [email protected]
[mailto:[email protected]]On Behalf Of
Patrick Baird
Sent: September 8, 2000 9:19 AM
To: '[email protected]'
Subject: [FW1] VPN-1 SecuRemote Question



Hello all,

	Currently wrestling to understand what is going on.  I am running NT
SP6a, with FW-1/VPN-1 4.1 SP2, and SecuRemote 4165

Everything is working correctly except browsing through network
neighborhood, which I have info on how to set up so I am not worried.  But
what I notice is with this setup the following happens:


Policy Server on firewall, using IKE, 3DES, FW password for now.
Gateway rules Inbound
Rule 1:		SecuRemote@Any	firewall-encdomain	Any	Client Encrypt	Long	Gateways

To get ping to work I have to add the following rule (I don't want ping
originating from the encdomain, just responding for test):
Rule 30:	encdomain	Any	echo-reply	Accept	Long	Gateways

When I ping from my SecuRemote client I get replies as expected, and see the
following in the log:
	decrypt	""	Source	Destination	icmp	1
blah,blah,blah
	Accept	""	Source	Destination	icmp	30
blah,blah,blah
	encrypt	""	Destination	Source	icmp	2
blah,blah,blah

Well rule 2 is for my webtrends LEA connection to the Firewall.  Is the
encrypt rule automatically rule 2?  No matter, it does work so I assume it
is.

When I map a drive, or dir the mapped drive from the secuRemote client, I
see the following:
	decrypt	nbsession	Source	Destination	tcp	1
blah,blah,blah
But that's all I see.  How is the response getting through?  Is the response
encrypted?  Why do I need the echo-reply rule, but no rule for NBT services?

thanks in advance!


PDB



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



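Added example, not part of the thread: a small Python model of the behaviour Chris describes. It keeps a connection table for TCP/UDP always and for ICMP only when "ICMP stateful" is switched on, so an echo-reply with ICMP untracked has to hit an explicit rule (Patrick's rule 30), while the reply half of an nbsession connection is accepted from the state table without any rule of its own. Addresses, the echo identifier and the service definitions are constructed for the model; FW-1's own state table and encryption are not reproduced, and the "Client Encrypt" action of rule 1 is modelled as a plain accept.

```python
"""Toy stateful-inspection model: why an ICMP echo-reply needs its own rule
when ICMP is not tracked, while TCP/UDP replies are matched from the state table."""
import ipaddress
from dataclasses import dataclass

# Constructed sample topology (not from the thread)
CLIENT = "10.0.0.5"            # SecuRemote client
SERVER = "192.168.1.10"        # host inside the encryption domain
ENCDOMAIN = "192.168.1.0/24"   # stands in for "encdomain"


@dataclass(frozen=True)
class Packet:
    proto: str        # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: int = 0    # tcp/udp source port; for icmp: type (8 = echo-request, 0 = echo-reply)
    dport: int = 0    # tcp/udp destination port; for icmp: echo identifier


# Service objects of the model (constructed; FW-1's own definitions are richer)
SERVICES = {
    "any":          lambda p: True,
    "nbsession":    lambda p: p.proto == "tcp" and p.dport == 139,
    "echo-request": lambda p: p.proto == "icmp" and p.sport == 8,
    "echo-reply":   lambda p: p.proto == "icmp" and p.sport == 0,
}


def in_net(addr, net):
    return net == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(net)


class Firewall:
    def __init__(self, rules, icmp_stateful=False):
        self.rules = rules                  # [(number, src_net, dst_net, service, action)]
        self.icmp_stateful = icmp_stateful  # the "ICMP stateful" property from the thread
        self.state = set()                  # keys of accepted, tracked connections
        self.log = []                       # (decision, reason) per packet, like the FW log

    @staticmethod
    def _key(p):
        if p.proto == "icmp":
            return ("icmp", p.src, p.dst, p.dport)    # echo identifier, not type
        return (p.proto, p.src, p.dst, p.sport, p.dport)

    @staticmethod
    def _reverse_key(p):
        if p.proto == "icmp":
            return ("icmp", p.dst, p.src, p.dport)
        return (p.proto, p.dst, p.src, p.dport, p.sport)

    def process(self, p):
        # Step 1: replies of tracked connections are accepted from the state table
        tracked = p.proto in ("tcp", "udp") or self.icmp_stateful
        is_reply = p.proto != "icmp" or p.sport == 0
        if tracked and is_reply and self._reverse_key(p) in self.state:
            entry = ("accept", "state")
        else:
            # Step 2: first matching rule decides; untracked replies land here
            entry = ("drop", "no rule")
            for num, src, dst, svc, action in self.rules:
                if in_net(p.src, src) and in_net(p.dst, dst) and SERVICES[svc](p):
                    entry = (action, f"rule {num}")
                    if action == "accept" and tracked:
                        self.state.add(self._key(p))
                    break
        self.log.append(entry)
        return entry


def run_ping(icmp_stateful, with_reply_rule):
    """Echo request from the client, echo reply from the server; returns the log."""
    rules = [(1, "any", ENCDOMAIN, "any", "accept")]          # rule 1 (Client Encrypt, modelled as accept)
    if with_reply_rule:
        rules.append((30, ENCDOMAIN, "any", "echo-reply", "accept"))  # Patrick's rule 30
    fw = Firewall(rules, icmp_stateful=icmp_stateful)
    fw.process(Packet("icmp", CLIENT, SERVER, sport=8, dport=1234))
    fw.process(Packet("icmp", SERVER, CLIENT, sport=0, dport=1234))
    return fw.log


def run_nbsession():
    """TCP/139 SYN from the client, SYN-ACK from the server; only rule 1 exists."""
    fw = Firewall([(1, "any", ENCDOMAIN, "any", "accept")])
    fw.process(Packet("tcp", CLIENT, SERVER, sport=1025, dport=139))
    fw.process(Packet("tcp", SERVER, CLIENT, sport=139, dport=1025))
    return fw.log


if __name__ == "__main__":
    print("ICMP untracked, rule 30 present :", run_ping(False, True))
    print("ICMP untracked, no rule 30      :", run_ping(False, False))
    print("ICMP stateful, no rule 30       :", run_ping(True, False))
    print("nbsession, rule 1 only          :", run_nbsession())
```

The first run reproduces Patrick's log (request on rule 1, reply on rule 30); the second shows the reply dropped once rule 30 is removed; the third shows the reply accepted from the state table once ICMP is tracked, so no rule 30 is needed; the last shows why a single rule-1 entry is all that ever appears for the mapped drive. The usual defensive choice is the third configuration or a narrowly scoped reply rule, rather than a broad echo-reply accept from the encryption domain to Any.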



All contents © 2003 Network Presence, LLC. All rights reserved.