Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] SR Issue

To: [email protected]
Subject: Re: [FW1] SR Issue
From: CryptoTech <[email protected]>
Date: Tue, 07 Nov 2000 15:02:42 -0500
Cc: [email protected]
References: <[email protected]>
Sender: [email protected]

The issue would appear to be that the remote SR Client doesn't pass through your FW1
to get to 'OurLAN'.  This could work if you were to add an interface to the firewall
as a kind of DMZ.  This wouldn't require route/LMHOSTS file updates, just the
clients would now have to pass through a vpn session to get to the OurLAN.

HTH,
CryptoTech

[email protected] wrote:

> Can SR be used to create a pipe with NT login across a non-Internet link
> (private leased line) ?
>
> Our setup:-
>
> FW1 SP4 on NT SP4
> SR Client 4165 Windows 95 FWZ-DES
>
> OurLAN - Leased Lined - TheirLAN - SR Client
> [
> FW1
> [
> Internet
>
> I have some users trying to do this to get around the fact that they don't
> have NT trust setup between here and the remote office (and probably won't
> - don't ask !).
> When they try to connect they get a FW-1 Login Auth screen in which they
> put their credentials but don't get any further (waiting for confirmation
> of any error messages - time lag !!).
>
> i.e. Desired setup:-
>
> The user connects to remote LAN (could be DHCP or fixed), tries to connect
> to our LAN (have to be ping ?), fw authenticated, NT login.
>
> The problem we see in the log is that the authcrypt is accepted  but then
> almost immediately we get an Access Denied by Firewall Authenication
> message on Rule 0.
>
> Any ideas ?
>
> (An alternative may be to get their routing changed to come across the
> Internet link from the remote LAN or place new Firewalls between the 2
> sites but I would prefer not to do this).
>
> TIA
>
> Tim Higgins
>
> #**********************************************************************
> This message is intended solely for the use of the individual
> or organisation to whom it is addressed. It may contain
> privileged or confidential information.  If you have received
> this message in error, please notify the originator immediately.
> If you are not the intended recipient, you should not use,
> copy, alter, or disclose the contents of this message.  All
> information or opinions expressed in this message and/or
> any attachments are those of the author and are not
> necessarily those of Hughes Network Systems Limited,
> including its European subsidiaries and affiliates. Hughes
> Network Systems Limited, including its European
> subsidiaries and affiliates accepts no responsibility for loss
> or damage arising from its use, including damage from virus.
> #**********************************************************************
>
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

References:
- [FW1] SR Issue
  - From: [email protected]

Prev by Date: RE: [FW1] Failover between two geographically separated firewalls
Next by Date: Re: [FW1] VPN SecuRemote
Previous by thread: [FW1] SR Issue
Next by thread: [FW1] Free Check Point Training is full!
Index(es):
- Date
- Thread