[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW1] Re: SecuRemote behind NAT Netopia issue
I forgot to include that I see authcrypts in the log where he authenticates properly and downloads the topology via SSL. He then will try to ping an internal host which I see encrypted then the internal host responds but the FW does not encrypt the reply the first time. Immediately after (same time stamp) there is another log entry for internal host responding to the ping but it is encrypted this time. The client never appears to get a response though. Thanks again. Chris -----Original Message----- From: Chris Arnold Sent: Thursday, March 29, 2001 11:17 PM To: [email protected] Subject: SecuRemote behind NAT Netopia issue Hi. I have a user with a Win 2k laptop behind a Netopia 7100 series DSL router doing private to public hide-behind NAT. He has SR build 4176 installed without desktop policy support (just SR, not SC). He is using a private address which is not conflicting with any other addresses. He is able to authenticate properly to the enforcement point and I see traffic from him in the log but nothing appears to work properly. This has been attempted in two ways: (1) plain vanilla SR build 4176 from CP and (2) client modifications of the userc.C file and FW modifications of the objects.C file according to http://www.phoneboy.com/faq/0141.html. I have a test rule at the FW which states: users@any; Any; Any; Client Encrypt; Account; etc... In addition, I have a SonicWall at my home and am able to authenticate perfectly with both of our sets of credentials as well as send/receive any traffic I like. Both of our set-ups are identical with the exception of our SOHO FWs. Has anyone any experience with getting SR to work through a Netopia to a Nokia with CP FW-1 v 4.1 SP 2 or 3? Much thanks in advance for pointers or nudges in the correct direction. Chris ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|