RE: [FW1] SR over @HOME connection (See Notice Below)
I am running 4.1SP2 (upgraded from 4.0SP4) and I have 4 users with SecuRemote running through a Linksys. This is what I did to get them to work.

Upgraded the Linksys firmware to 1.35 or higher
Enabled IPSec passthrough on the Linksys
Set up port forwarding on the Linksys to forward 50-51, 500, 256,259,264 to the PC w/SecuRemote
Switched the key schemes for the users to IKE

SR versions 4.157 and 4.165 were used.

Keith White

Andy David <[email protected]>
Sent by: [email protected]
To: "FW-1 List (E-mail)" <[email protected]>
cc:
Subject: RE: [FW1] SR over @HOME connection (See Notice Below)
11/02/00 03:21 PM

And just as an added thought. When I did a clean install of 4.1 SP2 on the backup firewall, I had no problems accessing with SR via my DSL. However, when I upgraded from 4.0 to 4.1 SP2 on the production box, I wasn't able to with the exact same rules and setup as the backup firewall. (Believe me, I double checked!) After removing 4.0 and doing a clean install of 4.1 on the prod box and recreating everything, I was able to then again use the DSL with SR. I was never able to isolate the reason why and since it worked, it didn't really matter at the time.

Andy David
J. Muller International / Egis, Inc.

-----Original Message-----
From: Reynolds, Tom [mailto:[email protected]]
Sent: Thursday, November 02, 2000 2:34 PM
To: '[email protected]'; Joe Delsol
Cc: FW-1 List (E-mail)
Subject: RE: [FW1] SR over @HOME connection (See Notice Below)

Hi all,

We were recently able to resolve this same issue with DSL and the NAT and LinkSYS router. What I came to realize from the logs was that the firewall was issuing a KEY INSTALL to one address (the router's valid address) and then traffic tried to come in from the host (NATed address). That wasn't going to work. We had the client turn off NAT, use a valid internet address, install a personal firewall, and all worked. Sorry I can't be more specific about the LinkSYS config. I only needed to get the VPN working, not start troubleshooting DSL and NAT issues. If you need to work it out with NAT, Phoneboy.com had some info about LinkSYS and NAT and DSL.

Good Luck.

Tom Reynolds, MCSE, CCNA
_________________________
Pilgrim Baxter and Associates
Network Security and Engineering
825 Duportail Rd.
Wayne, Pennsylvania
[email protected]

-----Original Message-----
From: [email protected] [mailto:[email protected]]
Sent: Thursday, November 02, 2000 1:12 PM
To: Joe Delsol
Cc: FW-1 List (E-mail)
Subject: Re: [FW1] SR over @HOME connection (See Notice Below)

DSL is not supported by Checkpoint. It works sometimes and sometimes it does not.

Joe Delsol <[email protected]> on 11/02/2000 12:46:29 PM
To: "FW-1 List (E-mail)" <[email protected]>
cc: (bcc: Gail Hulse/DEWEY)
Subject: [FW1] SR over @HOME connection

Is anyone able to do this? I had two users try last night and they had different results. The first could get Authenticated, but the second was prompted for the USERid/password and then was not able to reach the server. The person that did get Authenticated was not able to get any packets to the site after the Authentication. The known difference between the two users is that the one that did get Auth. has a linkSYS DSL/Cable broadband router doing NAT. We do have SR working from behind NAT over DSL. Any ideas?

Thanks!
Joe

If you want to send direct to me, I'll keep your post off the list.
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================