Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW-1] Problem with enabling UDP Encryption for SecuRemote

To: [email protected]
Subject: [FW-1] Problem with enabling UDP Encryption for SecuRemote
From: Shawn Kearley <[email protected]>
Date: Thu, 24 Jan 2002 16:28:53 -0330
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

I am attempting to configure UDP encapsulation for SecuRemote as specified
in the PhoneBoy FAQ, to try and get a vendor VPN connection working from
within their network and am experiencing a problem that I hope someone here
can help with.

After modifying objects.C as specified in the document, and sending a new
userc.c file to the vendor, when he connects  to our network, I see the
successful authentication, and am initial Decrypt packet for the connection
he is attempting , however he is still unable to connect to the internal
resource on our network.

When I look in the Firewall logs I see the following packet

                Action: Drop
                Service: VPN1_IPSEC_encapsulation
                Source: my firewall's internal Interface
                Destination: Vendor's Internet address
                Protocol: UDP
                Rule: 0
                Info: reason: local interface address spoofing

I have tested the VPN connection from an ADSL router connected directly to
the Internet and did not experience any VPN problems.  I do not have any
anti-spoofing rules enabled on any of the Firewall's Interfaces, (All
interfaces allow ANY addresses.)

Any ideas on why this may be happening, and what if anything I may be able
to do to correct this.

I am running FW1 4.1-SP4 on WinNT 4.0 sp 6a

Thanks
Shawn




======================================
Shawn Kearley
Infrastructure Analyst
Newfoundland Power Co. Ltd.

Phone:Fax:Email: [email protected]

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Follow-Ups:
- Re: [FW-1] Problem with enabling UDP Encryption for SecuRemote
  - From: Jim MacLeod <[email protected]>

Prev by Date: Re: [FW-1] Checkpoint vs. Cisco VPN Client
Next by Date: Re: [FW-1] Checkpoint vs. Cisco VPN Client
Previous by thread: Re: [FW-1] Checkpoint vs. Cisco VPN Client
Next by thread: Re: [FW-1] Problem with enabling UDP Encryption for SecuRemote
Index(es):
- Date
- Thread