RE: [FW1] SecRemote problem?
Hi Guys,

I too have this problem and it's an open TT with checkpoint. The platform is CP2000, SP3 on NT using IKE or FWZ encryption with IP NAT pools. You have to use IP NAT Pools or the reply can go out through a different gateway which can cause routing problems.

From the logs I can see:

- An incoming ICMP decrypt
- The addresses NAT correctly
- The traffic hits the internal router
- The internal router responds to the firewall
- The firewall UN-NAT's the traffic
- The firewall DROP's the outbound ICMP.

The best answer so far from CP is to enable ICMP using their "any-any" ICMP function which is not really any use. The big problem is why ICMP is being ignored from the "users -> internal nets for any"

If only they would implement stateful ICMP ...

Note that just because ICMP is not running doesn't normally affect the VPN - we have hundreds of users VPN'ing in correctly, it just makes it very difficult for the support teams to diagnose problems.

Regards
Tim

-----Original Message-----
From: Christoph Nagelreiter [mailto:[email protected]]
Sent: 18 January 2001 15:22
To: Secure 1 Mailing List (E-Mail)
Subject: [FW1] SecRemote problem?

Hi,

I can log on to the Firewall with SecRemote, but I cannot ping any computers behind my firewall? (I use FWZ encryption)

When I try to ping a computer behind my firewall, the SecRemote logon window appears!!!

How can I ping a computer behind my firewall? The computer behind my firewall has a private IP address. Do I have a routing problem?

Please help me! Thank u.

Chris

================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================