RE: [FW1] Not able to log into NT domain when Secure Remote is installed



If your dial-up solution dials directly to your network (and you hand out
the IP addresses), you can add that range of addresses to the encryption
domain.  I have been told by a couple of different techs that the Secure
Remote only tries the VPN if you are not using an IP address within the
encryption domain.  Meaning, if the IP address you get through DHCP (for the
NIC or the dial-up adapter) is something that the userc.C file knows is
inside the F/W, it will not try to create a VPN to allow you in the F/W.
This was our experience up until I did whatever I did to mangle our VPN
connections.  Of course, lately I can't get the same answer from more than
one person when asking questions about Secure Remote...  The most prevalent
(and infuriating) answer that I have been getting is: "What do you expect
for a free product".

-Ed

P.S. If you figure out a way to get a user authenticated on your NT
domain from a cable modem, I would love to hear it.  The cable modem company
here (Seattle) requires that you change your workstation name to their
naming convention and then join their ATT workgroup, which then will not let
us log onto our own domain.  That is why we had to only use DSL, which
doesn't have that workgroup / domain limitation.

> ----------
> From: 	Wendy Gleisner[SMTP:[email protected]]
> Sent: 	Friday, February 02, 2001 10:14 AM
> To: 	[email protected]; [email protected];
> [email protected]
> Subject: 	RE: [FW1] Not able to log into NT domain when Secure Remote
> is installed
> 
> So, how do you set up a laptop that uses a cable modem at home and also
> dial-up when away from home during the day?  Secure Remote will bind to
> all adapters and you will have the NT domain login problem.
> Checkpoint says the answer is to set up a new profile; however, how do
> you "disable" the dial-up adapter in NT 4.0 in the profile?
> 
> Checkpoint tech support says that you can have this adapter / NT domain
> login problem even without their software loaded.  Does anyone know
> whether this is true, or is this problem specific to Secure Remote?
> 
> Wendy
> >>> Rick McMaster <[email protected]> 02/02/01 07:46AM >>>
> 
> It has certainly been my experience, and the experience of my clients,
> that the best way to implement Secure Remote for laptops that are used
> both in the office and at home is to only bind Secure Remote to the
> dial up adapter.  That way it is not used when the person is connected
> through the LAN interface at work.  This is certainly a great way to
> avoid the exact problem you are having.
> 
> I disagree, however, with the statement that your change should not have
> caused this problem.  The mere fact that it worked before you made the
> change and now it doesn't leads one to believe that the change caused the
> problem.  It would be my guess that your change to the encryption domain
> caused some NT resource that was previously not included in the domain
> (like the BDC) to now be included.
> 
> In any case, your best solution is to unbind Secure Remote from the LAN
> interface.
> 
> Rick McMaster
> Sr. Network Security Engineer
> ePlus Technology
> http://www.eplus.com 
> Nasdaq: PLUS
> 
> 
> -----Original Message-----
> From: Croft, Ed [mailto:[email protected]] 
> Sent: Thursday, February 01, 2001 9:13 PM
> To: Checkpoint Mailing List
> Subject: [FW1] Not able to log into NT domain when Secure Remote is
> installed
> 
> 
> 
> My company has Secure Remote (versions 4174, 4166, 4165, etc...) for users
> that have DSL connections from their homes.  This works fairly well and
> they are able to log onto the NT domain from inside the F/W, or from their
> DSL connections outside of the F/W (using NT4 and SDL).  We have had this
> solution in place for approx. 6 months.
> 
> The other day I needed to add some more networks to my encryption domain
> that was defined under the VPN tab of the F/W node in the Policy Editor.
> I saved the changes and applied the ruleset.  Now I can't get logged onto
> the NT domain from a client running Secure Remote, but I do get my DHCP
> information and I can ping by IP address and name.  If I uninstall the
> Secure Remote software, I can then log onto the NT domain.  Is there ANY
> way that the additional networks I added to the encryption domain on the
> F/W could have anything to do with the client not being able to log onto
> the NT domain?  (I have tried updating the site, blowing away the site and
> recreating it, and reinstalling the software from scratch on the clients).
> 
> According to our vendor support (Verisign), the change that I made to the
> encryption domain should not have had any effect on this problem.  But,
> they also said that I would have problems logging into the NT domain with
> the Secure Remote software installed on all adapters.  I can't believe
> that this would work flawlessly for the last 6 months and then all of a
> sudden stop.  I am wondering if I should completely remove the encryption
> domain and then start over from the beginning, but I would like input from
> people that have more experience with Checkpoint / Secure Remote.  Thanks
> in advance for any ideas that y'all can think of...
> 
> -Ed


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



 