NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] SecuRemote and Cisco Pix



> The service I try, be it Telnet or Net Support (port 5405) is now decrypted
> fine, with a source address shown as the remote Pc's real address in the
> log:
This is correct behavior. If you would rather the SR client appear to have
an IP on the office network, you can either enable IP NAT Pools or try
using "Office Mode" in NG.

> But there is no sign of real conenction between the remote site and the
> target eg no response to the telnet request.
Can you check the network table of the host you are trying to connect to
to see if it is seeing the connection? For example, open up a connection
from the SR client to a server in the encryption domain and then type:
netstat -an on that system. You should see a connection to that server
from the SR clients real IP address and on the port for the service you
are using.

Also, the system behind the PIX has an IP address in the 192.168.24.x
network, but what is the IP address of the server you are trying to
connect to? If it is also on the 192.168.24.x network, the server is going
to respond to the traffic locally, instead of sending it back to the
firewall.

-Don

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.