Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] SecuRemote connection behind NAT

To: [email protected]
Subject: Re: [FW-1] SecuRemote connection behind NAT
From: Yim Lee <[email protected]>
Date: Wed, 6 Feb 2002 09:13:29 -0800
In-reply-to: <001601c1aeae$f597e6c0$7b33010a@c2052>
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

1.  I followed the document:

http://support.checkpoint.com/kb/docs/public/securemote/4_1/pdf/hybrid-2-10.pdf

2.  Your fw needs to be 4.1 SP2 and the securemote
client needs to be build 4165.

3.  Make sure your securemote client software match
what you have licensed and configured in your fw.
This was one of my problems.  I picked up a DES
version of the securemote client and I configured my
fw for 3DES.  The log only indicates that I configured
the user incorrectly but does not indicate why.

4.  The private ip address of the client can not be in
your encrytion domain.

HTH

Yim
--- Terry Cheung <[email protected]> wrote:
> Dear all,
>
> Can anyone tell me how to configure a SecuRemote PC
> behind a firewall or
> proxy server (NAT enable) to connect back to our
> network? We are running
> FW-1 V4.1 with SP5. We try both IKE and FWZ but no
> luck. From the FWZ
> testing, we found that the firewall can see the
> address of the other site's
> gateway. However, we cannot ping any computers
> inside our network except the
> firewall.
>
> PC ---> Gateway with NAT --->  Internet  ---> FW-1
> VPN ---X
> FWZ
>
> From the IKE testing, we can see the PC's internal
> address e.g. 192.168.1.x
> from the firewall log.
>
> Since we only allow one person from the other
> network to connect back to us,
> we will not use gateway to gateway VPN in this case.
>
> Regards
>
> Terry
>
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================


__________________________________________________
Do You Yahoo!?
Send FREE Valentine eCards with Yahoo! Greetings!
http://greetings.yahoo.com

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

References:
- [FW-1] SecuRemote connection behind NAT
  - From: Terry Cheung <[email protected]>

Prev by Date: Re: [FW-1] In which order to aplay SP5 on Solaris ...?
Next by Date: Re: [FW-1] NG and Solaris 2.8
Previous by thread: [FW-1] SecuRemote connection behind NAT
Next by thread: Re: [FW-1] FW-1 and AceServer 5.0.1
Index(es):
- Date
- Thread