
[FW-1] Secure Client Question involving NAT and NG



To clarify an earlier post:

I have a desktop system on an RFC 1918 address (10.3.1.101) connecting to
the Internet through a CheckPoint 4.0 firewall using hide mode address
translation.

I have another network across the Internet, 172.16.0.0/16 behind a
CheckPoint NG firewall. There is _NO_ NAT taking place on this firewall.

When I try to connect from my 10.3.1.101 desktop to a server on the
172.16.0.0/16 network, nothing happens. All logs show the connection being
accepted.

When I try to connect to a server on a different 172.16.0.0/16 network,
using the same desktop system (with a different site defined in Secure
Client, of course), everything works. The only difference is that this
second network is behind a CheckPoint 4.1 firewall instead of a CheckPoint
NG firewall.

I am using SecureClient build 51057 running on Windows 2000 SP2.

I am using CheckPoint NG Feature Pack 1 downloaded yesterday as a full
install on a Windows NT 4.0 SP6a server.

My SC desktop security rules allow all traffic in both directions. My
ruleset has two rules. The first allows remote users into the network with
client encryption. The second rule allows any traffic to anywhere.

I am using SC in transparent mode, not connect mode. When I try using
connect mode, I get an authentication success, but a tunnel test failure.

I am using IKE over TCP, as well as UDP encapsulation.

I am using IKE hybrid mode for authentication using VPN-1/FW-1 password
for authentication.

Is there anything in NG that might cause this situation to fail, whereas
it would work under 4.1?

Any help would be greatly appreciated.

-Don




 
   All contents © 2004 Network Presence, LLC. All rights reserved.