Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW-1] Problem with SecuRemote

To: [email protected]
Subject: [FW-1] Problem with SecuRemote
From: Scott Elder <[email protected]>
Date: Tue, 5 Feb 2002 14:30:14 -0700
Importance: Normal
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

I have recently installed a Nokia IP330 firewall with VPN-1.  I also have
the licenses I need for Securemote installed.  I have stopped and started
the firewall and all seems to be OK except when I try to use the VPN.  Here
is my configuration:

I am running Checkpoint 4.1
Under Policies/Properties/IP Pool NAT/ I have selected Enable
My Firewall object is using the outside IP address (12.xx.xx.xx)
My Firewall object has "use IP pool NAT for SecuRemote Connections" selected
under the VPN tab
The allocated address come from a network object I set up with valid IP
address to use for VPN
On the VPN tab I have my domain set as the entire network behind the
firewall (66.xx.xx.xx)
I am using the IKE encryption scheme with 3DES and shared secrets being
selected
On the Authentication tab of my firewall object I have VPN-1 & FW-1 Password
selected only
I have one user set up (me) and added to a test group
For my user account I have the authentication set to VPN-1 & FW-1 Password
I have encryption set as IKE - 3DES with the same password as my user
account
I have 2 new rules set up:
1. Source = Any   Destination = MyFireWallObj   Service = RDP & IKE   Action
= Accept
2. Source = Me@Any   Destination = 66. Network   Service = Any   Action =
Client Encrypt

Now for what the problem is.  When I try to connect to one of my servers I
get the Authentication screen from Securemote.
I enter the user name and password and after a few seconds it comes back and
says that I have been successfully authenticated by VPN-1.  However, anytime
I try to access the sever (ping, http, etc...), I get timeouts and nothing
comes back.

It looks like (from the log files) everything is getting to the IP330 but
nothing is making it back to the client.

Any ideas???

Thanks,
Scott

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Follow-Ups:
- Re: [FW-1] Problem with SecuRemote
  - From: Don <[email protected]>

Prev by Date: Re: [FW-1] How to block instant messenger traffic
Next by Date: Re: [FW-1] Manual IPSEC from VPN to SonicWall
Previous by thread: Re: [FW-1] Manual IPSEC from VPN to SonicWall
Next by thread: Re: [FW-1] Problem with SecuRemote
Index(es):
- Date
- Thread