Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW-1] SecuRemote

To: [email protected]
Subject: [FW-1] SecuRemote
From: Don <[email protected]>
Date: Mon, 18 Mar 2002 00:06:44 -0500
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

Ok after numerous problems, I am finally contacting the list.

I am having the following two problems with SecuRemote.
Build 51057 on Win2k/XP
CP FW-1 NG FP1

First, under Windows 2k (and XP), when a user right clicks on the
Securemote envelope and selects "Stop VPN-1 SecureClient," this does not
always stop SecuRemote. The SR envelope will disappear from the system
tray, but users will not be able to connect to the firewall (Which is in
the encryption domain) as SR is still getting in the way.

If the user updates the site, and then immediately shuts down SR, they
can then contact the firewall for user auth.

Needless to say this is causing a number of problems. Has anyone else seen
this?

Second, I am having problems getting SR to work at all at times.

I have users configured with IKE, hybrid mode authentication, 3DES, SHA1,
etc.

I can connect to the firewall to download the topology and the
authorization succeeds. The topology is downloaded.

Now when I try to connect to a system within the encryption domain, I am
prompted for my login and password, I am authenticated, and then...
nothing.

If I tcpdump on the external interface of the firewall I see the IKE
session succeed and then I see UDP port 2746 traffic coming from my
SR system and going to the firewall. However, a tcpdump on the internal
interface shows absolutely nothing headed towards the target system. I see
not traffic going to the system I am trying to reach, or coming from my SR
system (either from it's internal interface or the from the address it is
translated to by my firewall.

The firewall logs show a successful authentication, and then absolutely
nothing. The traffic just seems to disappear inside the firewall.

The thing is, this config works on other firewalls, and use to work on
this firewall. There just is not enough log information in the firewall to
troubleshoot this. Has anyone had similar problems?

-Don

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Prev by Date: Re: [FW-1] NG on SuSE Linux 7.3
Next by Date: [FW-1] off topic: How to switch windows automatically?
Previous by thread: [FW-1] NG and PPPoE
Next by thread: Re: [FW-1] SecuRemote
Index(es):
- Date
- Thread