[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] RE: [fw1-wizards] FW: Secureremote and Nat, any help would be appreciated
We have tested the same with cisco router as NAT device and it works fine. ----- Original Message ----- From: "Andy David" <[email protected]> To: "'David Ellis'" <[email protected]>; "Fw-1-Mailinglist (E-mail)" <[email protected]> Sent: Saturday, May 19, 2001 6:59 AM Subject: [FW1] RE: [fw1-wizards] FW: Secureremote and Nat, any help would be appreciated > > Also , do a nbtstat -a nameofserver on those machines and make sure nothing > is screwy. > A bogus local hosts file? > Do you have a WINS entry in your network card properties? > How about a Trace route to those servers from your remote workstation? ( > Make sure you are allowing ICMP across the firewall) > Are these servers on a seperate subnet not defined on the firewall? > > ( I know it works w/o the NAT box up, but still worth testing if you already > havent) > > > > > > -----Original Message----- > From: David Ellis [mailto:[email protected]] > Sent: Friday, May 18, 2001 12:27 PM > To: Phoneboy Mailing List ([email protected]) > Subject: [fw1-wizards] FW: Secureremote and Nat, any help would be > appreciated > > > Hi This is Dave again, Let me tell you a little bity more about this issue. > We are not using any form of nat on our firewall or our internal Lan. Every > secureremote user who utilizes FWZ encryption or IKE encryption without > using a nat box at their house works fine. I threw this nat box in my house > and I now have this issue, but if I plug my laptop directly into my internet > connection I get through fine and I can access all the servers including the > 5 I cant access when I utilize my Nat Box. > Thank you > Dave Ellis > > -----Original Message----- > From: David Ellis > Sent: Wednesday, May 16, 2001 4:26 PM > To: Phoneboy Mailing List ([email protected]) > Subject: Secureremote and Nat, any help would be appreciated > > Here is my dillemma, I am experimenting with using secureremote at my house > through a linksys cable dsl router which utilizes nat. We now have firewall1 > with service pack 3. I created myself a user on the firewall utilizing IKE > encryption. On my NAT box at home I have ports 500 and 2746 forwarded to my > internal IP home address. I modified users.c on my home system under the > options section with this line - :force_udp_encapsulation (true). On the > firewall I edited Objects.C after the props line with this - userc_NAT > (true) > :userc_IKE_NAT (true) > And on our firewall object I edited this > line - :isakmp.udpencapsulation ( > :resource ( > :type (refobj) > :refname > ("#_VPN1_IPSEC_encapsulation") > ) > :active (true) > ) > I also created a service entitled VPN1_IPSEC_encapsulation utilizing UDP > port 2746. > OK, Now that part is all set, I go home to utilize secureremote on my home > PC. I log in thru the firewall fine using IKE encryption, It runs my login > script fine from our PDC. I can browse network neighborhood and access the > internal servers and workstations, But now this is the problem, I can access > everything fine accept for 5 servers, one is our main fileserver and one is > our mailserver, But I can access every other server on our lan including our > PDC and BDC's. I try to ping them, the name resolves but no replies. I try > to get to them through network neighborhood and it says network path cannot > be found. It is the wierdest thing. Any suggestions or help would be greatly > appreciated. I must of spent about 30 hours on this so far, on my own time. > And I am logging into the domain fine cause I can access everything else > with my appropriate rights. > Thank you for any assistance you can give. > > > Sincerely, > David Ellis > Systems Engineer > > Tecnomatix - Unicam Inc. > Two International Drive - Suite 150 > http://www.tecnomatix-unicam.com >Tel (Direct) >Mobile >Fax > > > > > --------------------------------------------------------------------- > This email came from the FireWall-1 Wizards Mailing List. > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > > ============================================================================ ==== > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ============================================================================ ==== > > ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|