RE: [FW1] Not able to log into NT domain when Secure Remote is installed
It has certainly been my experience, and the experience of my clients, that the best way to implement Secure Remote for laptops that are used both in the office and at home is to only bind Secure Remote to the dial up adapter. That way it is not used when the person is connected through the LAN interface at work. This is certainly a great way to avoid the exact problem you are having.

I disagree, however, with the statement that your change should not have caused this problem. The mere fact that it worked before you made the change and now it doesn't leads one to believe that the change caused the problem. It would be my guess that your change to the encryption domain caused some NT resource that was previously not included in the domain (like the BDC) to now be included.

In any case, your best solution is to unbind Secure Remote from the LAN interface.

Rick McMaster
Sr. Network Security Engineer
ePlus Technology
http://www.eplus.com
Nasdaq: PLUS

-----Original Message-----
From: Croft, Ed [mailto:[email protected]]
Sent: Thursday, February 01, 2001 9:13 PM
To: Checkpoint Mailing List
Subject: [FW1] Not able to log into NT domain when Secure Remote is installed

My company has Secure Remote (versions 4174, 4166, 4165, etc...) for users that have DSL connections from their homes. This works fairly well and they are able to log onto the NT domain from inside the F/W, or from their DSL connections outside of the F/W (using NT4 and SDL). We have had this solution in place for approx. 6 months.

The other day I needed to add some more networks to my encryption domain that was defined under the VPN tab of the F/W node in the Policy Editor. I saved the changes and applied the ruleset. Now I can't get logged onto the NT domain from a client running Secure Remote, but I do get my DHCP information and I can ping by IP address and name. If I uninstall the Secure Remote software, I can then log onto the NT domain.
Is there ANY way that the additional networks I added to the encryption domain on the F/W could have anything to do with the client not being able to log onto the NT domain? (I have tried updating the site, blowing away the site and recreating it, and reinstalling the software from scratch on the clients).

According to our vendor support (Verisign), the change that I made to the encryption domain should not have had any effect on this problem. But, they also said that I would have problems logging into the NT domain with the Secure Remote software installed on all adapters. I can't believe that this would work flawlessly for the last 6 months and then all of a sudden stop.

I am wondering if I should completely remove the encryption domain and then start over from the beginning, but I would like input from people that have more experience with Checkpoint / Secure Remote.

Thanks in advance for any ideas that y'all can think of...

-Ed

================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
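One way to test the guess in the reply above, that the enlarged encryption domain now covers an NT resource such as the BDC, is to compare the old and new network lists against the addresses of the domain's servers. This is an added example, not part of the original thread; the function names, networks, host roles and addresses are all constructed for illustration.

```python
import ipaddress


def covering_network(host_ip, networks):
    """Return the first network that contains host_ip, or None."""
    addr = ipaddress.ip_address(host_ip)
    for net in networks:
        if addr in net:
            return net
    return None


def newly_encrypted(hosts, old_domain, new_domain):
    """Map each host that was outside the old encryption domain but is
    inside the new one to the network that now covers it."""
    old = [ipaddress.ip_network(n) for n in old_domain]
    new = [ipaddress.ip_network(n) for n in new_domain]
    changed = {}
    for role, ip in hosts.items():
        if covering_network(ip, old) is not None:
            continue  # already in the domain before the change
        hit = covering_network(ip, new)
        if hit is not None:
            changed[role] = str(hit)
    return changed


# Constructed sample data (assumptions, not values from the thread).
OLD_DOMAIN = ["10.1.0.0/24"]
NEW_DOMAIN = ["10.1.0.0/24", "10.1.8.0/22", "192.168.50.0/24"]
NT_HOSTS = {
    "PDC": "10.1.0.10",      # covered before and after the change
    "BDC": "10.1.9.20",      # falls inside the added 10.1.8.0/22
    "WINS": "192.168.50.5",  # falls inside the added 192.168.50.0/24
    "DHCP": "10.2.0.1",      # outside both versions of the domain
}

if __name__ == "__main__":
    for role, net in newly_encrypted(NT_HOSTS, OLD_DOMAIN, NEW_DOMAIN).items():
        print(f"{role} is now inside the encryption domain via {net}")
```

Any server reported here is one that a client with Secure Remote bound to the LAN adapter would start trying to reach through the VPN after the change.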