NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] Securemote On NT4.0 with STATIC NAT to Client



It sounds like possibly the remote firewall is recieving and decrypting the
packets before they reach your Firewall. If the other remote Firewall is
Firewall-1, it must be configured in Policy --->Properties to no Decrypt on
accept, thus the packets are just passed through this remote firewall rather
than being decrypted.


-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-
Larry Pingree
Sr. Security Consultant
Email: [email protected]

SiegeWorks
WebSite: http://www.siegeworks.com/
Enterprise Support, Security Consulting and Training
-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-
----- Original Message -----
From: Wilkins, Jason (BIS) <[email protected]>
To: <[email protected]>
Sent: Tuesday, April 17, 2001 4:55 AM
Subject: [FW1] Securemote On NT4.0 with STATIC NAT to Client


>
> Hi,
>
> I am new to securemote!
>
> I have installed a PC with a legal IP address and this is connected
directly
> to the internet.
>
> Securemote works a treat, when i  go to a web server inside our network i
> get prompted to authenticate.
>
> I authenticate and i get to the web server.
>
> All works well!!!
>
>
> HOwever
>
> We have several PC's on a site where we are renting space.
>
> Each PC has internet access and each PC has Static NAT (dedicated legal IP
> alolocated via NAT at Firewall)
>
> I have asked the administrator of the remote firewall to allow the
following
> ports
>
>  TCP port 256 between client and Management Console. This is only needed
> to fetch and update the site information and will
>      always originate from the SecuRemote client
>      UDP port 259 to negotiate encryption and authentication information.
>      UDP port 500 to negotiate encryption keys when ISAKMP is used.
>      IP Protocol 94 bi-directionally when FWZ encapsulation is used.
>      IP Protocol 50 bi-directionally when ISAKMP is used.
>
>
> Probelm is as follows
>
> At the client i can create the site in Securemote and it connects fine
>
> I have even authenticated fine!
>
> However after the authentication no other traffic appears in the firewall
> log.
>
> What am i doing wrong?
>
> To recap a PC with a legal address connects to services via Securemote
fine
>
> A PC with Static NAT authenticates but no other traffic flows or seems to,
> traffic is passing thro a Checkpoint Firewall-1 suystem. I have not been
> able to talk with the administrator of this system. I will try and
acertain
> if any traffic is being blocked.
>
> However am i missing somethibng obvious?
> Do i need to modify objects.c?
>
> Regards
> Jase
>
>
>
> **********************************************************************
> This email and any files transmitted with it are confidential
>  and intended solely for the use of the addressee(s).
>  If you have received this email in error please notify the
> sender. Contents, which do not relate to formal Billiton
> business, are not endorsed by the company.
>
> **********************************************************************
>
>
>
============================================================================
====
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
>
============================================================================
====
>
>

Attachment: smime.p7s
Description: S/MIME cryptographic signature



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.