
Re: [FW1] SecuRemote Connection Problems to FW-1 with Public External Interface




Uh yeah.  Don't do NAT at the router.  That's just going to cause you all
kinds of pain.  The firewall really really needs a routable IP.  Your
problem is that when the client downloads the encryption domain/network
topology from the firewall, it finds out the *actual IP* of the firewall
and tries to talk to that rather than the routable IP.  Of course it
can't actually talk to the RFC1918 address which generates the timeout and
no log entry.

You probably can edit the downloaded topology file that SecuRemote creates
(it's plain text) and edit it accordingly, but my guess is that it still
won't work or that if it does you'll find it breaking for your users on a
regular basis (like every time they update the topology).

-- 
Aaron Turner        [email protected] Engineer                         Vicinity Corp.        
Cell:http://www.vicinity.com

On Wed, 13 Sep 2000, Christian D. Anschuetz wrote:

> 
> Hello:
> 
> I have been unable to get SecuRemote to work with our firewall (version 4.0,
> sp7 for NT).  Unfortunately, the problem is not one of the more common
> configuration issues, but rather probably the result of the following
> environment:
> 
> SR Client --- Internet ---- Router --- (Nat'd 1918 addr) --- FW
> 
> As you can see, the firewall's external address is actually an RFC 1918
> address that is Nat'ed at the router (with a dedicated, non-shared public IP
> address).  No filtering is taking place at the router at all (in fact,
> telnetting to the SR ports succeeds no problem).
> 
> Problem manifests itself as:  Key exchange occurs; attempts to access
> internal network causes prompt; after time-out the message "No response from
> server - check user name and password"; NO LOG INFORMATION WHATSOEVER.
> 
> Any ideas?  I am stumped.
> 
> Many thanks in advance.
> 
> Christian
> 
> 
> 
> This is a repost - Never saw the message hit the list.  If you've seen this
> before, my apologies and please disregard.
> 
> 
> 
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================
> 
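The failure mode described in the reply above can be checked for on a client. This is an added example, not part of the original thread and not Check Point code: it scans a plain-text topology file for IPv4 addresses, reports whether the gateway's public address appears at all, and lists any RFC 1918 addresses. The page does not give the file's syntax, so the sample text, its addresses and the function names are constructed assumptions.

```python
import ipaddress
import re

# RFC 1918 ranges: private space that is not routed across the Internet.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4_RE = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")

def find_addresses(text):
    """Return (line_number, IPv4Address) for every valid IPv4 literal."""
    found = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for match in IPV4_RE.finditer(line):
            try:
                found.append((line_no, ipaddress.IPv4Address(match.group())))
            except ipaddress.AddressValueError:
                continue  # looks like an address but is not (e.g. 999.1.1.1)
    return found

def check_topology(text, public_gateway_ip):
    """Compare the addresses in a topology file with the gateway's public IP."""
    public = ipaddress.IPv4Address(public_gateway_ip)
    addresses = find_addresses(text)
    return {
        # False means the client learned some other address for the gateway.
        "public_present": any(addr == public for _, addr in addresses),
        # Private addresses are normal for internal networks behind the
        # tunnel, but the gateway itself must not be one of them.
        "private": [(n, str(addr)) for n, addr in addresses
                    if any(addr in net for net in RFC1918)],
    }

# Constructed sample text. This is NOT the real SecuRemote file syntax;
# only the presence of IPv4 literals matters to the scan.
SAMPLE_TOPOLOGY = """\
gateway-name: fw-example
gateway-address: 192.168.10.2
encryption-domain: 172.20.0.0
"""

if __name__ == "__main__":
    report = check_topology(SAMPLE_TOPOLOGY, "198.51.100.7")
    if not report["public_present"]:
        print("public gateway address is absent from the topology")
    for line_no, addr in report["private"]:
        print(f"line {line_no}: {addr} is RFC 1918, check whether it is the gateway")
```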
All contents © 2003 Network Presence, LLC. All rights reserved.