
[FW1] ACK! SR behind NAT (again)



Hi fellow firewallers,

I'm at my wit's end with this. I have a DSL line that I'm experimenting with
in trying to get SR working behind NAT since our developers are using me as
a football. Here's what I've done:

1) updated the FW1 4.1 installation to SP2 on mgmt server and FW module and
enabled IKE as an encryption scheme for users.
2) installed SR 4165 on my notebook and set the encryption scheme to IKE.
3) made the edit to the objects.c on the management server suggested in the
phoneboy FAQ (http://www.phoneboy.com/fw1/faq/0141.html) and pushed the
policy to the FW module.
4) tried with and without forcing udp encapsulation by editing the userc.c
file on the SR client (adding :force_udp_encapsulation (true) to the options
section).

The router:

A Flowpoint 144 IDSL router (anyone heard of this?) which is running a DHCP
server and correctly allocating RFC 1918 addresses to my notebook. The range
being used does not overlap with any internal network.

The notebook:

A Dell with NT4 Server SP6a installed.

What happens:

I start the SR client on the notebook, create the site, and attempt to ping
an internal address. The SR authentication dialog pops up, I enter my
username and shared-secret password and get a message saying I've been
authenticated. I see three entries in the FW1 logs: 1 authcrypt message and
two key installs, but nothing else. I can try to ping something again, but
the responses time out and the logs show nothing further.

My questions:

1) Do I need to do something else to either the FW or the SR client?

2) Does it make a difference exactly where the edit listed in the Phoneboy
FAQ is applied to the firewall object in the mgmt's objects.c file?

3) Has anyone written a complete step-by-step of what they needed to do to
get this working?

Thanks for any help!

Ian 

