[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW1] RE: [fw1-wizards] FW: Secureremote and Nat, any help would be app reciated
Also , do a nbtstat -a nameofserver on those machines and make sure nothing is screwy. A bogus local hosts file? Do you have a WINS entry in your network card properties? How about a Trace route to those servers from your remote workstation? ( Make sure you are allowing ICMP across the firewall) Are these servers on a seperate subnet not defined on the firewall? ( I know it works w/o the NAT box up, but still worth testing if you already havent) -----Original Message----- From: David Ellis [mailto:[email protected]] Sent: Friday, May 18, 2001 12:27 PM To: Phoneboy Mailing List ([email protected]) Subject: [fw1-wizards] FW: Secureremote and Nat, any help would be appreciated Hi This is Dave again, Let me tell you a little bity more about this issue. We are not using any form of nat on our firewall or our internal Lan. Every secureremote user who utilizes FWZ encryption or IKE encryption without using a nat box at their house works fine. I threw this nat box in my house and I now have this issue, but if I plug my laptop directly into my internet connection I get through fine and I can access all the servers including the 5 I cant access when I utilize my Nat Box. Thank you Dave Ellis -----Original Message----- From: David Ellis Sent: Wednesday, May 16, 2001 4:26 PM To: Phoneboy Mailing List ([email protected]) Subject: Secureremote and Nat, any help would be appreciated Here is my dillemma, I am experimenting with using secureremote at my house through a linksys cable dsl router which utilizes nat. We now have firewall1 with service pack 3. I created myself a user on the firewall utilizing IKE encryption. On my NAT box at home I have ports 500 and 2746 forwarded to my internal IP home address. I modified users.c on my home system under the options section with this line - :force_udp_encapsulation (true). On the firewall I edited Objects.C after the props line with this - userc_NAT (true) :userc_IKE_NAT (true) And on our firewall object I edited this line - :isakmp.udpencapsulation ( :resource ( :type (refobj) :refname ("#_VPN1_IPSEC_encapsulation") ) :active (true) ) I also created a service entitled VPN1_IPSEC_encapsulation utilizing UDP port 2746. OK, Now that part is all set, I go home to utilize secureremote on my home PC. I log in thru the firewall fine using IKE encryption, It runs my login script fine from our PDC. I can browse network neighborhood and access the internal servers and workstations, But now this is the problem, I can access everything fine accept for 5 servers, one is our main fileserver and one is our mailserver, But I can access every other server on our lan including our PDC and BDC's. I try to ping them, the name resolves but no replies. I try to get to them through network neighborhood and it says network path cannot be found. It is the wierdest thing. Any suggestions or help would be greatly appreciated. I must of spent about 30 hours on this so far, on my own time. And I am logging into the domain fine cause I can access everything else with my appropriate rights. Thank you for any assistance you can give. Sincerely, David Ellis Systems Engineer Tecnomatix - Unicam Inc. Two International Drive - Suite 150 http://www.tecnomatix-unicam.comTel (Direct)MobileFax --------------------------------------------------------------------- This email came from the FireWall-1 Wizards Mailing List. To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|