[FW-1] SecuRemote & VPN-1 NG
Hello, can anybody help me? It might seem like an easy case, but I spent a lot of time on it and I don't know where the mistake is. Here is the situation:

PC1: pc 10.0.0.4
FW: external IP 10.0.0.2; internal 192.168.1.1; the whole internal site is hidden behind 1 valid IP (hide NAT)
PC2: ftp server 192.168.1.2

I made a port mapping on the FW for the ftp server and it works well. I can get from PC1 to the ftp server running on PC2. I built authentication - it works fine. Now I would like to configure SecuRemote on PC1. I imagine that the "secret tunnel" will be between PC1 and the FW, and the internal site behind the FW will be "plain" - without encryption.

So I set on the FW:
- encryption domain (internal site) and authentication protocol (IKE - I used the button - set IKE default)
- chose Exportable for SecuRemote
- user's authentication and encryption settings
- created group Secret that consists of PC1, FW, internal(?)
- added rule any any any drop (Last Rule)

On PC1:
- installed SecuRemote
- checked that the encryption settings are the same as on the FW
- added site 10.0.0.2: it works fine - I was authenticated and the site was created. I can update the site without problems.

And now I don't know what to do. When I added a rule for users and chose Client Encrypt, I was not able to ftp. I tried to add the rule Secret Secret any Encrypt, but it did not work. In the log there was an Encryption/Decryption problem, or ftp was dropped by the Last Rule. If I changed the Last Rule to accept, there was (in the log): decrypt ftp, and I could get to the ftp server. But in Network Monitor I saw the user and password for the ftp session in the packets in plain text. I thought that should be encrypted. I tried a lot of things, but the conclusion was my confusion. Secret authentication worked ok - in Network Monitor I saw port 500, where the key exchange ran, but that was all. I read somewhere that encryption for sending data (after exchanging keys) should be done with IPSec, but where to set or control it ...

That's all. Sorry for the long description, but I think it was necessary.
Thanks for help and any ideas in advance.

zdenek