
[FW-1] SecuRemote & VPN-1 NG


  • To: [email protected]
  • Subject: [FW-1] SecuRemote & VPN-1 NG
  • From: Zdeněk Sychra <[email protected]>
  • Date: Sun, 3 Mar 2002 18:38:23 +0100
  • Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
  • Sender: Mailing list for discussion of Firewall-1 <[email protected]>
  • Thread-index: AcHC2jfiIlEamVtwSZ+DK93kn+Z+iQ==
  • Thread-topic: SecuRemote & VPN-1 NG

Hello,

Can anybody help me? It might seem an easy case, but I have spent a lot of time on it and I don't know where the mistake is.

So there is a situation:

PC1: pc 10.0.0.4

FW: external IP 10.0.0.2; internal 192.168.1.1
the whole internal site is hidden behind 1 valid IP (hide NAT)

PC2:    ftp server 192.168.1.2

I made a port mapping on the FW for the ftp server and it works well. I can get from PC1 to the ftp server running on PC2. I set up authentication - it works fine.

Now I would like to configure SecuRemote on PC1. I imagine that the "secret tunnel" will be between PC1 and the FW, and the internal site behind the fw will be "plain" - without encryption.

So I set on FW:

- encryption domain (internal site) and authentication protocol (IKE - I used the button - set IKE default)
- chose Exportable for SecuRemote
- user's authentication and encryption settings
- created group Secret that consists of PC1, FW, internal(?)
- added rule any any any drop (Last Rule)

On PC1:

- installed SecuRemote
- checked that the encryption settings are the same as on the FW
- added site 10.0.0.2: it works fine - I was authenticated and the site was created. I can update the site without problems.

And now I don't know what to do. When I added a rule for users and chose Client Encrypt I was not able to ftp. I tried to add a rule Secret Secret any Encrypt but it did not work. In the log there was Encryption/Decryption problem or ftp was dropped by the Last Rule. If I changed the Last rule to accept there was (in the log): decrypt ftp and I could get to the ftp server. But in Network monitor I saw in the packets the user and password for the ftp session in plain text. I thought that should be encrypted. I tried a lot of things but the conclusion was - my confusion.
Secret authentication worked ok - in Network monitor I saw port 500 where the key exchange ran, but that was all. I read somewhere that encryption for sending data (after exch. keys) should be done with IPSec, but where to set or control it ...

That's all. Sorry for the long description but I think it was necessary.

Thanks for help and any ideas in advance.

zdenek

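A way to check from a capture whether the IPsec data path is actually in use after the IKE exchange on UDP/500, as an added example that is not part of the original post and not Check Point's software. It builds two small constructed captures (the client 10.0.0.4 and gateway 10.0.0.2 are from the post; the ISAKMP header, ESP SPI values, ciphertext bytes and the ftp credentials are placeholders) and classifies each IPv4 packet as IKE, ESP (IP protocol 50) or FTP control traffic on TCP/21 in the clear, flagging any USER/PASS lines it can read. The first capture matches what the post describes (key exchange, then ftp visible in Network Monitor); the second is what a working Client Encrypt rule should look like on the PC1 to FW link, where FTP never appears unencrypted.

```python
"""Classify packets from a constructed capture between a SecuRemote client and a
VPN-1 gateway: IKE on UDP/500, ESP (IP protocol 50), or FTP control traffic on
TCP/21 in the clear. Added example; not Check Point code."""
import ipaddress
import struct

IPPROTO_TCP, IPPROTO_UDP, IPPROTO_ESP = 6, 17, 50
IKE_PORT, FTP_CTRL_PORT = 500, 21

CLIENT, GATEWAY = "10.0.0.4", "10.0.0.2"  # PC1 and the FW external IP from the post


def build_ipv4(proto, src, dst, payload):
    """Minimal 20-byte IPv4 header; checksum left zero because classify() never checks it."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr + payload


def build_udp(sport, dport, payload):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload


def build_tcp(sport, dport, payload):
    # 20-byte header, data offset 5, PSH|ACK, dummy seq/ack numbers
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 8192, 0, 0) + payload


def build_esp(spi, seq, ciphertext):
    # ESP header is SPI + sequence number; everything after it is opaque on the wire
    return struct.pack("!II", spi, seq) + ciphertext


def classify(packet):
    """Return what one IPv4 packet carries; plaintext FTP USER/PASS lines are flagged."""
    ihl = (packet[0] & 0x0F) * 4
    proto = packet[9]
    src = str(ipaddress.IPv4Address(packet[12:16]))
    dst = str(ipaddress.IPv4Address(packet[16:20]))
    body = packet[ihl:]
    info = {"src": src, "dst": dst, "kind": "other", "detail": ""}
    if proto == IPPROTO_ESP:
        spi, seq = struct.unpack("!II", body[:8])
        info.update(kind="esp", detail=f"spi=0x{spi:08x} seq={seq}")
    elif proto == IPPROTO_UDP:
        sport, dport = struct.unpack("!HH", body[:4])
        if IKE_PORT in (sport, dport):
            info.update(kind="ike", detail="IKE/ISAKMP on UDP/500")
    elif proto == IPPROTO_TCP:
        sport, dport = struct.unpack("!HH", body[:4])
        data = body[(body[12] >> 4) * 4:]  # skip the TCP header (data offset in words)
        if FTP_CTRL_PORT in (sport, dport):
            text = data.decode("ascii", errors="replace").strip()
            info.update(kind="ftp-plaintext", detail=text)
            if text.upper().startswith(("USER ", "PASS ")):
                info["credential"] = text
    return info


def audit(packets):
    """Summarise a capture: did IKE run, is ESP flowing, and is FTP visible in the clear?"""
    report = {"ike_seen": False, "esp_packets": 0, "plaintext_ftp": [], "credentials": []}
    for pkt in packets:
        info = classify(pkt)
        if info["kind"] == "ike":
            report["ike_seen"] = True
        elif info["kind"] == "esp":
            report["esp_packets"] += 1
        elif info["kind"] == "ftp-plaintext":
            report["plaintext_ftp"].append(f"{info['src']} -> {info['dst']}: {info['detail']}")
            if "credential" in info:
                report["credentials"].append(info["credential"])
    # The tunnel only protects FTP if keys were negotiated, ESP carries data,
    # and no FTP control traffic crosses the client/gateway link unencrypted.
    report["tunnel_protects_ftp"] = (report["ike_seen"] and report["esp_packets"] > 0
                                     and not report["plaintext_ftp"])
    return report


# Constructed captures: placeholder ISAKMP header, SPI values, ciphertext and credentials.
ISAKMP_PLACEHOLDER = b"\x00" * 28
OBSERVED_CAPTURE = [  # what the post describes: key exchange, then ftp in the clear
    build_ipv4(IPPROTO_UDP, CLIENT, GATEWAY, build_udp(500, 500, ISAKMP_PLACEHOLDER)),
    build_ipv4(IPPROTO_TCP, CLIENT, GATEWAY, build_tcp(1025, 21, b"USER zdenek\r\n")),
    build_ipv4(IPPROTO_TCP, CLIENT, GATEWAY, build_tcp(1025, 21, b"PASS secret\r\n")),
]
EXPECTED_CAPTURE = [  # what a working Client Encrypt rule should look like on the wire
    build_ipv4(IPPROTO_UDP, CLIENT, GATEWAY, build_udp(500, 500, ISAKMP_PLACEHOLDER)),
    build_ipv4(IPPROTO_ESP, CLIENT, GATEWAY, build_esp(0x0000C0DE, 1, b"\x7f" * 40)),
    build_ipv4(IPPROTO_ESP, GATEWAY, CLIENT, build_esp(0x0000BEEF, 1, b"\x7f" * 40)),
]

if __name__ == "__main__":
    for name, capture in (("observed", OBSERVED_CAPTURE), ("expected", EXPECTED_CAPTURE)):
        print(name, audit(capture))
```

The check only applies to the link between PC1 and the FW external interface; behind the gateway, inside the encryption domain, the ftp session is meant to be plain, exactly as the post intends. A real capture would be read from pcap with a library instead of the constructed lists, but the decision is the same: IKE on UDP/500 alone proves nothing about the data path, and seeing TCP/21 with readable USER/PASS lines on the outside interface means the Client Encrypt rule is not matching that traffic.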
   All contents © 2004 Network Presence, LLC. All rights reserved.