Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] Sending FW-I GUI Client traffic through a SecureClient VPN

To: [email protected]
Subject: Re: [FW-1] Sending FW-I GUI Client traffic through a SecureClient VPN
From: Chris Arnold <[email protected]>
Date: Thu, 17 Jan 2002 13:47:59 -0500
Comments: To: "[email protected]" <[email protected]>
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

If you're management console has an SSH server installed, consider doing
this:

http://www.sudoers.com/people/cmarnold/projects/ssh/index.html

Chris

---
Tim Jones <[email protected]>
Sent by: Mailing list for discussion
To: [email protected]
Subject: [FW-1] Sending FW-I GUI Client traffic through a SecureClient VPN


Hello.

I'm having two issues with FW-I 4.1, SecureClient, and
the FW-I GUI client that I'm hoping someone can help
me with.  Here they are:

1) Our VPN encryption domain is 192.168.0.0/16.  One
of the management station's interfaces uses an IP in
this range; however, when trying to connect to that IP
with the GUI client while connected to the VPN, it
doesn't work.  It seems that the traffic doesn't try
to go through the VPN despite the fact that the
destination address is in the encryption domain.  When
pinging the IP, however, the traffic does indeed go
through the VPN, and the ping is successful.

I ran across this link:
http://support.checkpoint.com/public/publisher.asp?id=faf384f6-d59e-11d4
-a57a24&resource

&number=4&isExternal=0.


It only deals with NG, however -- the crypt.def entry
that it references isn't present on our management
station.

So, is there any way to tell GUI client traffic to go
though the VPN with version 4.1?

2) Our management station also has an external,
routeable IP address.  For whatever reason, it's
possible for me to connect to the GUI client via this
IP address while connected to the VPN using an
"Encryption Only" policy.  This external IP isn't in
the encryption domain, however, and nothing else
outside the encryption domain is accessible in this
manner.

Does anyone know why this is the case, and, how to
prevent it?

All help is appreciated.  Thanks!

__________________________________________________
Do You Yahoo!?
Send your FREE holiday greetings online!
http://greetings.yahoo.com

===============================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
===============================================

===============================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
===============================================

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Follow-Ups:
- Re: [FW-1] Sending FW-I GUI Client traffic through a SecureClient VPN
  - From: me <[email protected]>

Prev by Date: [FW-1] Firewall-1 & SBR RADIUS Account
Next by Date: Re: [FW-1] Checkpoint FW-1 2000 installation on Windows 2000
Previous by thread: [FW-1] New Checkpoint Appliances from RapidStream
Next by thread: Re: [FW-1] Sending FW-I GUI Client traffic through a SecureClient VPN
Index(es):
- Date
- Thread