
FW: [FW1] SR split DNS ...?



The best way to find out the choke point is to check in reverse order,
meaning:

0. Make sure general VPN connection from SR to internal network is okay.
1. From SR, check if you can connect to the internal server using internal
name. If it returns error indicating failure to resolve the name, then
2. Check the userc.C file to verify dnsinfo section contains the information
written in the dnsinfo.C. If not then 3-1, if yes then 3-2

3-1. Most likely a syntax error in dnsinfo.C. Examine dnsinfo.C very very
carefully to find any syntax error, especially ( or ) or spaces.
dnsinfo.C is very very vulnerable to any syntax error. If you found and
corrected it, then reinstall the policy, update the site from SR, check
again userc.C to see dnsinfo section. If it's still empty, do it over again.
There should be a remaining syntax error.

3-2. Even though dnsinfo.C is syntactically correct so that it can be
downloaded to userc.C, there might be weird error in it. The best way to
find out is,
 - make a vpn connection from SR
 - From SR window, choose Erase Password menu
 - ping to the internal name. If SR auth box pops up, then syntax confirmed.
Go to 4. If SR does not prompt you to authenticate, then there is a syntax
error. There are a lot of variations regarding this and none of them are
typical. You want to get some professional help.

4. On the FW log, see if the domain_udp connection is coming in from SR and
gets decrypted. Probably yes if general VPN is working. Then, double check that
crypt.def is properly modified. This gets overwritten whenever you install
a new service pack. If it's truly properly modified, then lower level
troubleshooting like snoop is required. Get professional help.

5. Modification on userc.c is not required any more in any 4.1 SR releases.

Sincerely,

Sun Yu, CISSP
Lucent Worldwide Services





> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]]On Behalf Of
> laurent
> Sent: Friday, January 05, 2001 9:54 AM
> To: [email protected]
> Subject: [FW1] SR split DNS ...?
>
>
>
> dnsinfo.c file created.
> crypt.def file modified.
> add on :dns_encrypt and :dns_xlate in users.c file.
>
> nothing happens.
>
> How does SR work?
> We have made only one modification in the users.c file. encrypt dns.
> Therefore all the dns traffic is sent to the gateway, does it
> receive the split dns configuration after the authentication ?
>
> How can I check this, someone is talking about a fwenc.log file ? is it
> correct ? How can I enable
> this function ?
>
> Thanks for replying.
> lO
>
>
>
>
> ==============================================================
> ==================
>      To unsubscribe from this mailing list, please see the
> instructions at
>                http://www.checkpoint.com/services/mailing.html
> ==============================================================
> ==================
>