
[FW-1] SecuRemote, NAT, and Firewall-1 NG



I have the following situation:
SecuRemote - Hide Mode FW - Internet - Firewall (NG) - Server on 10.6 addr

The SecuRemote client, on 192.168.1.100, cannot access the web server on
the 10.6.1.100 address. The SecuRemote client is hide mode NAT'd and the
web server is not NAT'd at all.

When the SecuRemote client has a real IP address, this works just fine.
When it is being hide mode NAT'd it does not work.

If the two firewalls are on the same subnet, and I add a route back to the
192.168.x.x  network on the NG firewall through the 4.0 firewall, this
will also work.

I have
:userc_IKE_NAT (true)

in my objects.C file. I have UDP encapsulation enabled on the SecuRemote
client.

The problem is that I have set up this exact situation many times before
using CheckPoint 4.1 and it works fine. In most of those cases, I am
accessing a 172.16.x.x network from my 10.3.x.x desktop through my
CheckPoint 4.0 firewall doing hide mode NAT.

The Firewall is NG Feature Pack 1 running on Windows NT Service Pack 6a
upgraded from NG off the CD.

The SecuRemote client is Windows 2000 Service Pack 2 with SecuRemote NG
build 51057.

A tcpdump on the 10.6 network shows traffic originating either from the
192.168.1.100 address, or from the IP NAT Pool I configured, as well as
the appropriate return traffic from the web server.

A tcpdump on the external network shows UDP 2746 traffic between the
external IP addresses of both firewalls, which is correct when UDP
encapsulation is used.

I am going to reinstall the NG firewall and see if that fixes the problem.
Please let me know if something I am trying to do here is just completely
wrong.

Thanks,
-Don

   All contents © 2004 Network Presence, LLC. All rights reserved.