NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW1] RE: [fw1-wizards] FW: Secureremote and Nat, any help would be app reciated



Also , do a nbtstat -a nameofserver on those machines and make sure nothing
is screwy.
A bogus local hosts file?
Do you have a WINS entry in your network card properties? 
How about a Trace route to those servers from your remote workstation? (
Make sure you are allowing ICMP across the firewall)
Are these servers on a seperate subnet not defined on the firewall?

( I know it works w/o the NAT box up, but still worth testing if you already
havent)





-----Original Message-----
From: David Ellis [mailto:[email protected]]
Sent: Friday, May 18, 2001 12:27 PM
To: Phoneboy Mailing List ([email protected])
Subject: [fw1-wizards] FW: Secureremote and Nat, any help would be
appreciated


Hi This is Dave again, Let me tell you a little bity more about this issue.
We are not using any form of nat on our firewall or our internal Lan. Every
secureremote user who utilizes FWZ encryption or IKE encryption without
using a nat box at their house works fine. I threw this nat box in my house
and I now have this issue, but if I plug my laptop directly into my internet
connection I get through fine and I can access all the servers including the
5 I cant access when I utilize my Nat Box.
Thank you
        Dave Ellis

 -----Original Message-----
From: 	David Ellis  
Sent:	Wednesday, May 16, 2001 4:26 PM
To:	Phoneboy Mailing List ([email protected])
Subject:	Secureremote and Nat, any help would be appreciated

 Here is my dillemma, I am experimenting with using secureremote at my house
through a linksys cable dsl router which utilizes nat. We now have firewall1
with service pack 3. I created myself a user on the firewall utilizing IKE
encryption. On my NAT box at home I have ports 500 and 2746 forwarded to my
internal IP home address. I modified users.c on my home system under the
options section with this line - :force_udp_encapsulation (true). On the
firewall I edited Objects.C after the props line with this - userc_NAT
(true)
	:userc_IKE_NAT (true)
				And on our firewall object I edited this
line - :isakmp.udpencapsulation (
						:resource (
							:type (refobj)
							:refname
("#_VPN1_IPSEC_encapsulation")
						)
						:active (true)
					)
I also created a service entitled VPN1_IPSEC_encapsulation utilizing UDP
port 2746.
OK, Now that part is all set, I go home to utilize secureremote on my home
PC. I log in thru the firewall fine using IKE encryption, It runs my login
script fine from our PDC. I can browse network neighborhood and access the
internal servers and workstations, But now this is the problem, I can access
everything fine accept for 5 servers, one is  our main fileserver and one is
our mailserver, But I can access every other server on our lan including our
PDC and BDC's.  I try to ping them, the name resolves but no replies. I try
to get to them through network neighborhood and it says network path cannot
be found. It is the wierdest thing. Any suggestions or help would be greatly
appreciated. I must of spent about 30 hours on this so far, on my own time.
And I am logging into the domain fine cause I can access everything else
with my appropriate rights.
Thank you for any assistance you can give.


Sincerely,
David Ellis 
Systems Engineer 

Tecnomatix - Unicam Inc.
Two International Drive - Suite 150 
http://www.tecnomatix-unicam.comTel (Direct)MobileFax 




---------------------------------------------------------------------
This email came from the FireWall-1 Wizards Mailing List.
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.