Re: [FW-1] SecuRemote



Yes Don, I am having the same problems.  I have NG set up in a very basic
config and when the SecuRemote client connects the topology is sent OK and
the user authenticates (via LDAP info from 2K DC).  What happens then is
that I get inconsistent connections that seem OK, but sometimes fail.  The
Check Point FW/VPN Gateway sees this traffic but for some reason it is lost
from this point.  I don't have any tools on this network to monitor the
traffic or the time to problem solve. If you find out the answer to this
problem please let me know.  Sorry I wasn't any help.

Thanks

Dan

-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:[email protected]]On Behalf Of
Huovinen Jani
Sent: 18 March 2002 07:36
To: [email protected]
Subject: Re: [FW-1] SecuRemote


I have seen your first problem many times.. it's got something to do with
"site" =) If I want to stop using SecuRemote I usually delete site. Haven't
got any other solution. And make it again..


-Jani

-----Original Message-----
From: Don [mailto:[email protected]]
Sent: 18 March 2002 7:07
To: [email protected]
Subject: [FW-1] SecuRemote

Ok after numerous problems, I am finally contacting the list.

I am having the following two problems with SecuRemote.
Build 51057 on Win2k/XP
CP FW-1 NG FP1

First, under Windows 2k (and XP), when a user right-clicks on the
SecuRemote envelope and selects "Stop VPN-1 SecureClient," this does not
always stop SecuRemote. The SR envelope will disappear from the system
tray, but users will not be able to connect to the firewall (which is in
the encryption domain) as SR is still getting in the way.

If the user updates the site, and then immediately shuts down SR, they
can then contact the firewall for user auth.

Needless to say this is causing a number of problems. Has anyone else seen
this?

Second, I am having problems getting SR to work at all at times.

I have users configured with IKE, hybrid mode authentication, 3DES, SHA1,
etc.

I can connect to the firewall to download the topology and the
authorization succeeds. The topology is downloaded.

Now when I try to connect to a system within the encryption domain, I am
prompted for my login and password, I am authenticated, and then...
nothing.

If I tcpdump on the external interface of the firewall I see the IKE
session succeed and then I see UDP port 2746 traffic coming from my
SR system and going to the firewall. However, a tcpdump on the internal
interface shows absolutely nothing headed towards the target system. I see
no traffic going to the system I am trying to reach, or coming from my SR
system (either from its internal interface or from the address it is
translated to by my firewall).

The firewall logs show a successful authentication, and then absolutely
nothing. The traffic just seems to disappear inside the firewall.

The thing is, this config works on other firewalls, and used to work on
this firewall. There just is not enough log information in the firewall to
troubleshoot this. Has anyone had similar problems?

-Don

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
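
Added example, not part of the original thread: a small script that automates the two-sided tcpdump comparison Don describes, reading `tcpdump -n` text output from the external and internal interfaces and reporting where the path breaks. The sample captures, the addresses (documentation ranges) and the function names are constructed for illustration; IKE is assumed to run on its standard UDP port 500.

```python
import re

IKE_PORT = 500     # standard IKE (ISAKMP) UDP port (assumption, not stated in the post)
ENCAP_PORT = 2746  # UDP port the post reports seeing after IKE

# One packet line of `tcpdump -n` text output: "... IP src[.port] > dst[.port]: ..."
ADDR = r"(\d+\.\d+\.\d+\.\d+)(?:\.(\d+))?"
LINE = re.compile(r"\bIP " + ADDR + " > " + ADDR + ":")

def flows(capture_text):
    """Return (src, sport, dst, dport) tuples; port is 0 when absent (e.g. ICMP)."""
    result = []
    for line in capture_text.splitlines():
        m = LINE.search(line)
        if m:
            src, sport, dst, dport = m.groups()
            result.append((src, int(sport or 0), dst, int(dport or 0)))
    return result

def diagnose(external, internal, client_public, inner_sources, target):
    """Classify where the path breaks, following the checks in the post."""
    ext = [f for f in flows(external) if client_public in (f[0], f[2])]
    if not any(IKE_PORT in (f[1], f[3]) for f in ext):
        return "no IKE exchange seen on the external interface"
    if not any(f[0] == client_public and f[3] == ENCAP_PORT for f in ext):
        return "IKE seen, but no UDP 2746 data from the client"
    inside = flows(internal)
    # inner_sources: the client's own address and any address it is translated to
    if not any(f[0] in inner_sources and f[2] == target for f in inside):
        return "encapsulated data reaches the gateway, nothing forwarded inside"
    if not any(f[0] == target and f[2] in inner_sources for f in inside):
        return "forwarded inside, but the target never replies"
    return "traffic flows in both directions"

# Constructed sample captures (documentation addresses, not from the thread).
EXTERNAL = """\
07:01:12.100000 IP 203.0.113.10.500 > 198.51.100.1.500: isakmp: phase 1 I ident
07:01:12.180000 IP 198.51.100.1.500 > 203.0.113.10.500: isakmp: phase 1 R ident
07:01:15.400000 IP 203.0.113.10.2746 > 198.51.100.1.2746: UDP, length 132
07:01:18.400000 IP 203.0.113.10.2746 > 198.51.100.1.2746: UDP, length 132
"""
INTERNAL_EMPTY = ""
INTERNAL_OK = """\
07:01:15.401000 IP 192.0.2.77.1034 > 10.0.0.20.80: Flags [S], seq 1, win 8192, length 0
07:01:15.402000 IP 10.0.0.20.80 > 192.0.2.77.1034: Flags [S.], seq 9, ack 2, win 8192, length 0
"""

if __name__ == "__main__":
    print(diagnose(EXTERNAL, INTERNAL_EMPTY, "203.0.113.10", {"192.0.2.77"}, "10.0.0.20"))
```

With the empty internal capture the script reports the symptom from the post: encapsulated data arrives at the gateway and nothing is forwarded, which narrows the fault to the gateway's decryption or rule handling rather than the client or the target host.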
   All contents © 2004 Network Presence, LLC. All rights reserved.