
Re: [FW1] Problems with ICA-client, Securemote and NAT.




Your clients may be trying to connect to the alternate address of your
Citrix box, instead of the private address.

Dave Grabowski
System Arts, [email protected]


From:     [email protected]
Sent by:  [email protected]
To:       [email protected]
cc:
Subject:  [FW1] Problems with ICA-client, Securemote and NAT.

12/20/2000 10:20 AM





Hi all,

I need some expert help on this.

Nokia Ipso 3.2.1 with FW-1 v 4.1 SP.2

I have a configuration where I want SecuRemote users to access my internal
Citrix server. The Citrix server has a static address translation. When I
connect to the Citrix server without using SecuRemote, everything works
fine, so the static routing and proxy ARP must be configured correctly.

When I use the SecuRemote client I can't get through to the server. I can
see in the logviewer that I get an Authcrypt, a Key Install and then a
decrypt. Source and Destination are the external addresses. In Xlatedest.
it is the correct internal addresses. The problem is that I can't see any
return traffic from my Citrix server to the SecuRemote client in the
logfile.
But when I use tcpdump on the fw internal interface, I can see the client's
external address try to connect to the Citrix server internal address, and
that the Citrix server tries to respond to the external client IP address.
Is this correct, and if it is, why can't I see it in the logfile?

I have included the Citrix server external address in the encryption
domain. I have also tried to disable anti_spoofing, with no luck.

My SecuRemote rule is after the stealth rule. Has that anything to say?

Thanks for your help...


Christian H. Jensen


eSec A/S - Managed Security

http://www.esec.dk
Telephone: +45 7020 5585
Direct:    +45 4450 2073
Mobile:    +45 20192510






