[FW1] client encrypt rule isn't enough?
I am trying to get SecuRemote working for a client, and I am having a problem I have never seen before. The topology is

clientnode -> fw-1 -> internet -> fw-1 -> destnode

I am using IKE, the SR client is 4165, and the FW-1s are 4.1 SP2 on Solaris.

The problem is that the usual "user@any encdom any clientencrypt" isn't enough; the users successfully authenticate, but then the session is dropped by my last drop all rule. If I add a rule "clientnet encdom any accept" after the client encrypt rule, the sessions go through, merrily encrypting and decrypting, after the user authenticates.

This would be wonderful, except there are roaming users working remotely and they have no fixed address. I thought the whole point of client encrypt was to allow for roaming users.

Any suggestions? I need to get this solved, or the client is going to get real upset real quick.

Thanks,
Mike