
[FW1] HTTP access via VPN and User-Auth



Afternoon all,

I have a situation here as follows:

We are setting up OWA for users of ours who world-hop.

I have 2 rules set up for this as follows:

Secure-Group@Any   ENC-Domain   ANY   Client Encrypt

Exch-Group@Any   Exch-Server-OWA   HTTP   User-Auth

The rule regarding ENC-Domain and Client-Encrypt uses VPN and works
perfectly.

The second rule applies to Exch-Server-OWA, which contains the Internal
address and a NAT for this address. The User-Auth is set to "Intersect with
user database" and "All servers".

When I attempt to access the NAT address, which is a valid internet address,
I get the popup screen for User-Auth, input the name and password, and seem
to get access, but nothing happens. When I say "seem to get access", what
happens is the log shows the authentication taking place with Accept, the
browser shows itself trying to get to the OWA server, but I never get the
OWA page back on the Laptop (All these tests are for external users).

If I set up a rule which says:

Exch-Group @Any   ANY   ANY  Client-Auth

And use the CP Client auth software or Telnet to authenticate, and then open
the browser to the OWA Internet address, it works in a second.

The only difference here is that with CA, I authenticate first and then
access, and with UA, I attempt to access, get the popup and should get the
OWA logon screen and don't.

Does anyone have any idea why this is? Or what to do?

Thanks,

Mike Glassman
System & Security Admin
Israeli Airports Authority
Ben-Gurion Airport
http://www.ben-gurion-airport.co.il

Tel : 972-3-9710785
Fax : 972-3-9710939
Email : [email protected]

Usage of this email address or any email address at iaa.gov.il for the
purpose of sales pitches, SPAM or any other such unwanted garbage, is
illegal, and any person, whether corporate or alone doing so, will be
prosecuted to the fullest possible extent.









 
All contents © 2003 Network Presence, LLC. All rights reserved.