Re: [FW-1] SecuRemote
Yes Don, I am having the same problems. I have NG setup in a very basic config and when the securemote client connects the topology is sent OK and the user authenticates (via LDAP info from 2K DC). What happens then is that I get inconsistent connections that seem OK, but sometimes fail. The checkpoint FW/VPN Gateway sees this traffic but for some reason it is lost from this point. I don't have any tools on this network to monitor the traffic or the time to problem solve.

If you find out the answer to this problem please let me know. Sorry I wasn't any help.

Thanks
Dan

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[email protected]] On Behalf Of Huovinen Jani
Sent: 18 March 2002 07:36
To: [email protected]
Subject: Re: [FW-1] SecuRemote

I have seen your first problem many times... it's got something to do with "site" =) If I want to stop using securemote I usually delete site. Haven't got any other solution. And make it again...

-Jani

-----Original Message-----
From: Don [mailto:[email protected]]
Sent: 18 March 2002 7:07
To: [email protected]
Subject: [FW-1] SecuRemote

Ok after numerous problems, I am finally contacting the list. I am having the following two problems with SecuRemote.

Build 51057 on Win2k/XP
CP FW-1 NG FP1

First, under Windows 2k (and XP), when a user right clicks on the SecuRemote envelope and selects "Stop VPN-1 SecureClient," this does not always stop SecuRemote. The SR envelope will disappear from the system tray, but users will not be able to connect to the firewall (which is in the encryption domain) as SR is still getting in the way. If the user updates the site, and then immediately shuts down SR, they can then contact the firewall for user auth. Needless to say this is causing a number of problems. Has anyone else seen this?

Second, I am having problems getting SR to work at all at times. I have users configured with IKE, hybrid mode authentication, 3DES, SHA1, etc. I can connect to the firewall to download the topology and the authorization succeeds. The topology is downloaded. Now when I try to connect to a system within the encryption domain, I am prompted for my login and password, I am authenticated, and then... nothing.

If I tcpdump on the external interface of the firewall I see the IKE session succeed and then I see UDP port 2746 traffic coming from my SR system and going to the firewall. However, a tcpdump on the internal interface shows absolutely nothing headed towards the target system. I see no traffic going to the system I am trying to reach, or coming from my SR system (either from its internal interface or from the address it is translated to by my firewall). The firewall logs show a successful authentication, and then absolutely nothing. The traffic just seems to disappear inside the firewall.

The thing is, this config works on other firewalls, and used to work on this firewall. There just is not enough log information in the firewall to troubleshoot this. Has anyone had similar problems?

-Don

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================