NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW1] Re: SecuRemote behind NAT Netopia issue



I forgot to include that I see authcrypts in the log where he authenticates
properly and downloads the topology via SSL.  He then will try to ping an
internal host which I see encrypted then the internal host responds but the
FW does not encrypt the reply the first time.  Immediately after (same time
stamp) there is another log entry for internal host responding to the ping
but it is encrypted this time.  The client never appears to get a response
though.  Thanks again.

Chris

-----Original Message-----
From: Chris Arnold 
Sent: Thursday, March 29, 2001 11:17 PM
To: [email protected]
Subject: SecuRemote behind NAT Netopia issue


Hi.  I have a user with a Win 2k laptop behind a Netopia 7100 series DSL
router doing private to public hide-behind NAT.  He has SR build 4176
installed without desktop policy support (just SR, not SC).  He is using a
private address which is not conflicting with any other addresses.  He is
able to authenticate properly to the enforcement point and I see traffic
from him in the log but nothing appears to work properly.

This has been attempted in two ways:  (1)  plain vanilla SR build 4176 from
CP and (2) client modifications of the userc.C file and FW modifications of
the objects.C file according to http://www.phoneboy.com/faq/0141.html.  

I have a test rule at the FW which states:

users@any; Any; Any; Client Encrypt; Account; etc...

In addition, I have a SonicWall at my home and am able to authenticate
perfectly with both of our sets of credentials as well as send/receive any
traffic I like.  Both of our set-ups are identical with the exception of our
SOHO FWs.

Has anyone any experience with getting SR to work through a Netopia to a
Nokia with CP FW-1 v 4.1 SP 2 or 3?  Much thanks in advance for pointers or
nudges in the correct direction.

Chris


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.