Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Secure Remote Client behind PIX

To: "'Qaadir Haamid'" <[email protected]>
Subject: RE: [FW1] Secure Remote Client behind PIX
From: "Nijs, Daniel" <[email protected]>
Date: Tue, 23 Jan 2001 08:06:22 -0500
Cc: "'[email protected]'" <[email protected]>
Sender: [email protected]

>From what I understand about the Pix (and correct me if I am wrong), VPN
will not work with natting (unlike FW-1, which supports natting and VPN at
the same time).  I believe you can add a nat 0 rule, a quick search on
www.deja.com should give you some more information.  This could be one of
the reasons why it isn't working.  Please do let me know if you find out
what the solution is if this was not it.

Best regards,

Dan

-----Original Message-----
From: Qaadir Haamid [mailto:[email protected]]
Sent: Monday, January 22, 2001 5:16 PM
To: [email protected]
Subject: [FW1] Secure Remote Client behind PIX



Hello,


I have a remote user who is coming to our webserver from behind a Pix 
firewall. The Pix is NATing the clients IP address. I used this Address in 
my rule as each user is tied to a specific workstation. I also used the 
workstations standard IP address.

My firewall and the remote client complete authentication and exchange of 
encryption keys. However when the client tries to access the webserver using

https it gets dropped by my last rule. Does anyone have any hints or has 
seen this before.

I am working without an Analyzer so the only thing I am depending on is the 
FW logs.

The rule is SRUser@SRClient---> Webserver https


Thanks


Qaadir

_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com



============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: Re: [FW1] IPSO 3.3 (in)compatibilities
Next by Date: [FW1] CP firewall 4.2 SP3 & Interscan
Previous by thread: [FW1] Secure Remote Client behind PIX
Next by thread: [FW1] Consulting about dimensioning a firewall
Index(es):
- Date
- Thread