Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW-1] SecureRemote access problems

To: [email protected]
Subject: [FW-1] SecureRemote access problems
From: kawin <[email protected]>
Date: Mon, 11 Feb 2002 11:46:55 -0500
Importance: Normal
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

Greetings!

I'm new to the board.  I currently set up an IP530 Firewall-1 for my site.
Here's the problem:

I have remote clients that VPN into the firewall, they have success reaching
my internal network (192.168.1.0/24).  When they come in they are given an
internal address (192.168.2.0/24) from a NAT pool I set up.

We have another network to Los Angeles (192.168.15.0/24) that we currently
VPN to with our Shiva box.

We also have a VPN tunnel via our Firewall-1 to another partner company with
a Firewall-1 as well.

The remote clients cannot get to the other networks (192.168.15.0/24 and
10.0.0.0/24) we VPN to.
I have set up static routes through Voyager to route the appropriate IP
blocks.

In my policy editor, I have "remote clients" as the source, "any" as
destination, "any" as service, "client encrypt" as action, and installed on
my firewall.

My question is this:  when remote clients VPN to our firewall, why can't
they VPN back out to say our other network (192.168.15.0/24) or our partner
company (10.0.0.0/24), which we already have VPN tunnels to?  My internal
hosts here can access the 192.168.15.0/24 network as well as the partner
company 10.0.0.0/24.  However, the remote clients cannot, even though in the
policy editor their IP range is included in the domain to be trusted.

Any help would be greatly appreciated!

Thanks,

Kawin

___________________
Kawin Boonyapredee
Network Specialist
VNU REI [email protected]
=================================================

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Prev by Date: Re: [FW-1] Cannot download from IBM ftp site
Next by Date: [FW-1] AW: [FW-1] Nokia default factory values
Previous by thread: [FW-1] AW: [FW-1] NAT and "too many internal hosts"
Next by thread: [FW-1] Nokia boot manager.
Index(es):
- Date
- Thread