
[FW1] 2 SR clients behind a NAT?



Hi wise ones,

I had a fellow call me up this morning who's successfully SR'ing (using IKE)
in to our office from behind his home DSL router which is doing NAT. After
successfully establishing one session, he then attempted to establish a
second session from a different machine on his home LAN. I know this is a
somewhat tricky situation, and I have been given to understand that this
will not work, although I cannot find the exact reference right now. What he
would like to do is SR from one machine, terminate the session, and then SR
from a different machine on the same subnet. 

The crux is that once he has established an SR session with machine A then
killed it, he cannot establish a session with machine B on the same private
subnet without changing its IP address. Here is the sequence of events that
he sent me:

Machine A:  My laptop from work
Machine B: The Windows ME box from yesterday, with a one-day old install of
SecuRemote.

1.  Start machine A, start SecuRemote, packets flow.
2.  Stop SecuRemote on machine A.  Wait 1 hour.
3.  Start SecuRemote on machine B.  Authentication succeeds, but no packets
flow.
4.  Stop SecuRemote on machine B.  Wait a couple of hours and retry.  Same
result: authentication succeeds, but no packets flow.

All the way along, authentication succeeds on both A and B.

We are running IP Pool NAT on the FW that he is attempting to connect to, so
my initial thought was that this was causing the problem. I set the
parameter in the GUI to release the IP after 5 minutes, but this doesn't seem
to have done any good. There must be something being cached on the FW that
is preventing this from working. Does anyone have any insight as to why this
is occurring and the reasons why this can't be done? Thanks,

Ian Campbell


   All contents © 2004 Network Presence, LLC. All rights reserved.