[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW1] 2 SR clients behind a NAT?
Hi wise ones, I had a fellow call me up this morning who's successfully SR'ing (using IKE) in to our office from behind his home DSL router which is doing NAT. After successfully establishing one session, he then attempted to establish a second session from a different machine on his home LAN. I know this is a somewhat tricky situation, and I have been given to understand that this will not work, although I cannot find the exact reference right now. What he would like to do is SR from one machine, terminate the session, and then SR from a different machine on the same subnet. The crux is that once he has established an SR session with machine A then killed it, he cannot establish a session with machine B on the same private subnet without changing its IP address. Here is the sequence of events that he sent me: Machine A: My laptop from work Machine B: The Windows ME box from yesterday, with a one-day old install of SecuRemote. 1. Start machine A, start SecuRemote, packets flow. 2. Stop SecuRemote on machine A. Wait 1 hour. 3. Start SecuRemote on machine B. Authenication succeeds, but no packets flow. 4. Stop SecuRemote on machine B. Wait a couple of hours and retry. Same result: authentication succeeds, but no packets flow. All the way along, authentication succeeds on both A and B. We are running IP Pool NAT on the FW that he is attempting to connect to, so my initial thought was that this was causing the problem. I set the parameter in the GUI to relase the IP after 5 minutes, but this does't seem to have done any good. There must be something being cached on the FW that is preventing this from working. Does anyone have any insight as to why this is occurring and the reasons why this can't be done? Thanks, Ian Campbell ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|