Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Secure Remote questions

To: "'Croft, Ed'" <[email protected]>, Checkpoint Mailing List <[email protected]>
Subject: RE: [FW1] Secure Remote questions
From: "Gibson, Brian" <[email protected]>
Date: Mon, 19 Mar 2001 09:24:27 -0500
Sender: [email protected]

Title: RE: [FW1] Secure Remote questions

Have you checked to make sure that the new network that you added to the Enc Domain is not the same as your NAT pool network.

I have also discovered that you can have problems with non-routable networks that are part of your EN DOM if teh client is using the same EN DOM.

-----Original Message-----
From: Croft, Ed [mailto:[email protected]]
Sent: Friday, March 16, 2001 9:23 PM
To: Checkpoint Mailing List
Subject: [FW1] Secure Remote questions

I need some clarification on how Secure Remote works and I can't seem to
find the information at Checkpoint or Phoneboy's website. I need to know if
the following scenario will work with Secure Remote:

Secure Remote user creates a VPN to our F/W to access our Internal
resources. The Secure Remote user is running NT4.0 workstation and has a
printer attached to it via a serial cable. The printer is shared on the NT
domain. The Secure Remote user opens a connection to a SAP server, does
whatever they need to do, and then requests that the SAP server print the
job to the Secure Remote user's local printer (NT domain shared). The SAP
server sends the print job to the NT LAN print server, which queues it up
and sends it to the Secure Remote user workstation.

The Secure Remote user has a static address from their ISP (x.x.x.x) and we
created an object in the F/W, which we NAT to a different address
(172.21.x.y). We told the NT LAN print server to point to the 172.21.x.y
address to send the print jobs for the Secure Remote user's local printer.
The theory being that the F/W would get the request and send it out the VPN
back to the Secure Remote user.

We have been told by a couple of different support techs (Verisign and
Gobosh) that this will not work because the Secure Remote user can establish
a TCP connection INTO the encryption domain, but a workstation can not
establish a TCP connection to the Secure Remote user. This seems to make
sense, since the Secure Remote user can ping the NT LAN printer
successfully, but the NT LAN printer can not initiate a ping to the Secure
Remote user.

Herein lies the problem: This worked successfully for the last 7-8 months.
One day, I added another network to the Encryption domain on the F/W and
then all of a sudden it stopped working. I changed the Encryption domain
back and it still doesn't work. Everyone that I have talked to (including
this list) has told me that the change I made on the F/W would not have
affected the Secure Remote users.

Does anyone have a resource they can suggest that will give in-depth details
about what Secure Remote can do and how it works? Everything that I can
find on the product seems to have been designed for a sales presentation.

Any help is appreciative.

-Ed

================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: RE: [FW1] vpn between checkpoint and pix
Next by Date: RE: [FW1] IKE and IPSEC regeneration key period
Previous by thread: [FW1] Secure Remote questions
Next by thread: [FW1] couldn't establish connection
Index(es):
- Date
- Thread