[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] Problem with SecuRemote
Sorry for the re-post, but have to get this resolved. If anyone knows what I am doing wrong, please let me know ASAP. Thanks... Thanks for the info. Same problem unfortunately. Here is what I did. I checked that all the interfaces have ARP entries with the proper MAC address. They do. As for the Permanent ARP Entries, I added the first IP address in the pool as a Proxy Only ARP with the MAC address of the 66. network interface. I have checked the log to make sure the address I added to the ARP table was indeed the address that is being given by the firewall during authentication. In addition the second rule I mentioned in the previous email is being used when I make the connection. After that, nothing in the log to indicate an error or restriction. I am obviously new to this so hang with me. The Public interface is my 12.xx.xx.xx. The servers that my firewall are protecting are on the 66.xx.xx.xx. The ip range in my NAT pool are in the 66. range. The ARP entry I added is 66.xx.xx.xx and I used the MAC address of the 66. interface. Is this correct? -Scott -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[email protected]]On Behalf Of Don Sent: Tuesday, February 05, 2002 4:14 PM To: [email protected] Subject: Re: [FW-1] Problem with SecuRemote > My Firewall object has "use IP pool NAT for SecuRemote Connections" selected > under the VPN tab > The allocated address come from a network object I set up with valid IP > address to use for VPN Did you configure proxy ARP's for all of those address so that the firewall knows to answer repies sent to the NAT Pool? For every address in the NAT Pool you need to make sure that those addresses are routed back to the firewall. You also need to make sure you have an ARP entry for each adress with the MAC address of whatever network card on the firewall is on that network. -Don ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|