[FW1] Problem with SecuRemote-Connection to Encryption Domain



Hi,
I hope this is an easy one and I'm just overlooking something.

I have a SecuRemote client configured and it can fetch the topology of 
the encryption domain.

In my experimental rulebase I have two rules:
securemote-test@any     any    HTTP->CVP-Resource     client-encrypt
securemote-test@any     encryption-dom    telnet     client-encrypt

The first rule enables the client to set the firewall up as its 
http-proxy and thus use the CVP server for content security. This 
works fine.
The second rule should allow telnet access to one host behind the 
firewall. This host, pluto, has a 192.168. range address and static 
NAT to an official address. Both addresses appear in the userc.c files.

Now, when I try to telnet to pluto, regardless of which address is used, I 
can see the following in the firewall log file:

Action     Service  Source         Destination  Rule  User
authcrypt           62.124.21.165               1     test
authcrypt           62.124.21.165               2     test
drop       telnet   62.124.21.165  pluto        25

Rule 25 is the last drop-all rule.

According to the "manual" rule 2 should be enough to enable the telnet 
access from the authorized client to pluto.

What am I missing here???

Any comments and hints and of course solutions :-) are highly 
appreciated.

Kind regards,

Jörg


// pallas  GmbH  ............  Joerg Oertel  ...........
   Hermuelheimer Str. 10       System engineer                   
   D-50321 Bruehl, Germany     [email protected]           
                               phone  +49-(0)2232-1896-0 
   http://www.pallas.de        fax   +49-(0)2232-1896-29
........................................................


