[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] SOLVED: [FW1] SecuRemote problem
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Simple solution... and a trap to look out for. When I uninstalled the DES version, it deleted my local.arp file - it seemed to delete all directories under \fw1\4.1 A bit of network sniffing and deduction proved that IP was travelling back to the firewall, but not being answered - therefore the FW didn't know how to answer. QED Thanks to all those who replied. Craig. (phew - 1 hour to spare !) - -----Original Message----- From: Little, Craig (SSI-SIAP-NP5) Sent: Thursday, 21 September 2000 3:42 a.m. To: [email protected] Subject: [FW1] SecuRemote problem - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This is another of what seems to be an ever ending list of problems with SecuRemote in recent weeks. I have upgraded from 4.1 SP1 DES to 4.1 SP2 3DES tonight. In order to make sure things worked, I backed up my config files, uninstalled, reinstalled and restored config files (obejcts.C, rulebases.fws etc), and re-applied the Split/Encrypted DNS mods. When my SecuRemote users (mixture of 4157 and 4165, all DES) log in, they are authenticated correctly, but they cannot communicate with any machines on the network. I can see the nameserver and nbname packets correctly directed to the DNS and WINS servers in the logs, but info is not returned to the client. Pinging a machine by IP address shows the decrypted packet come into the network, but there is no echo-reply. There have been no routing changes, no changes to the Pool NAT configuration. The only change is the installation of the 3DES software and upgrade to SP2. I have followed all the usual procedures - push the policy out to the servers, update the site info in SR, but nothing seems to work. It's almost as though there is no state info to allow the packets back out to the SR users - but nothing is being dropped (at least not in the logs). I have 3 hours to get this fixed, or roll back to SP1. Any ideas? Craig. -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com> iQA/AwUBOchKi4AS1Tpq5ZYvEQLBxwCfZWJfS6VQ+1BH7odfo8d9uqGjqgcAoNeV RsFn298IcCeDCHNoJOY7Zdeg =tj2r -----END PGP SIGNATURE----- ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|