Re: [FW1] Securemote Client and NAT
Is this what you're looking for?
http://www.phoneboy.com/fw1/faq/0141.html

Robert

>>> CryptoTech <[email protected]> 12/5/00 5:41:13 PM >>>
>
>Kevin,
>I don't know if you've received an answer, I couldn't hook the email thread.
>Phoneboy is referring to VPN and nat on fw 4.0 versions when IKE was in its earlier
>iteration of ISAKMP/Oakley.
>
>I can't find a good doc on Check Point's web site. I'll try to describe it:
>Verify that the firewall is 4.1 sp1 or 4.1 sp2.
>If the firewall is properly configured for SR, you should be able to enter the
>following line in userc.c with the other commands at the top
>
> :force_udp_encapsulation (true)
>that is
><tab><tab>:force_udp_encapsulation<space>(true). Then kill and restart.
>
>This should do as it says.
>
>Let me know what kind of errors or symptoms you see.
>
>Cheers,
>CT
>
>Kevin Ruggles wrote:
>
>> Hello,
>> I am new to this and need some help.
>> I am using SR client 4.1 behind a netgear rt311 router and DSL modem.
>>
>> My problem is that I have a private lan and am using the netgear router to
>> allow all machines internet access. When I try using the SR client from a
>> machine going through the router, I am not able to make it work.
>>
>> I have researched the issue of using SR client behind a router and came up
>> with a great info page at (http://www.phoneboy.com/fw1/faq/0141.html)
>>
>> I have a few questions about the information on the above web page.
>>
>> bullet 2 under the A: talks about "ISKAMP", a little below it has ISAKMP and
>> then later it has "IKE". Are these all the same?
>> I think the first two are but I'm not sure about the last. If it is
>> different, what is IKE?
>>
>> bullets 3-5 talk about STATIC , POOL and HIDE NAT. Bullets 3,4 both say at
>> the end " follow the steps below." I am not sure what steps below to follow.
>>
>> Bullet 5 is for HIDE NAT. It says " only one user .... unless ... UDP
>> Encapsulation....
>> This should work fine for ... home-office network...."
>>
>> So this is where I fit in. I only need one machine enabled to use SR client
>> behind my netgear Router.
>> Here I am assuming that the router fits into the HIDE NAT category.
>> Please correct me if I am wrong.
>>
>> The Last part of the article starting with
>> "You will need to modify objects.c on the management console."
>> appears to be talking of the FW server. I have no ability to make these
>> changes.
>>
>> Are these changes required for the HIDE NAT, ISAKMP (ISKAMP?) section of the
>> article?
>>
>> So bottom line, I want to know if I have a HIDE NAT device (netgear rt311)
>> and use ISAKMP key management, If I do these two steps:
>>
>> 1) Insure that UDP port 500 on your NAT gateway is mapped to the
>> SecuRemote client. FireWall-1 tries to communicate via this port.
>>
>> 2) Make sure your NAT gateway can pass IPSEC traffic (IP Protocol 50).
>> If UDP Encapsulation Mode is used, make sure it can also pass UDP Port
>> 2746.
>>
>> (BTW How are these steps accomplished)
>>
>> Do I need to do anything else or worry about UDP encapsulation in order for
>> it to work?
>>
>> Kevin Ruggles