[FW-1] Tale of SecuRemote over BellSouth aDSL
For the last several months I have tried several thousand ways (by request) to get various aDSL routers to work with SecuRemote in Dynamic Mode. By this, I mean using the "Dynamically" assigned IP address from BellSouth, and using the NAT function of the various aDSL router devices. This was done purely in an effort to save $60 BellSouth charges for 5 static IP addresses per aDSL line.

Doing phase 1 and 2 authentication goes well. The Firewall does in each case give the IKE key to the BellSouth modem's dynamically assigned "Public" address. This is verified by the log file, which will also show a drop of all packets coming from 192.168.3.130, the SecuRemote client. This is not unexpected since aDSL modems are not routers. Using the BellSouth $40 method of using a single static IP address does not work for the same reason; modems are not routers, and the routers will not NAT properly in a way that is fully compatible with SecuRemote and the Dynamically assigned (static) IP addresses etc.

I have no problem setting up a SecuRemote session using the Cayman 3220H with the 5 static IP addresses without the need to do NAT (static end to end, simple math). There is a serious problem using the LinkSys and Asante devices with the static IP addresses. They will work eventually when connected and reconnected several dozen times. The problem is that these various devices do not pick up the BellSouth routing information properly during logon and network negotiations.

Now I know that many may be wondering if my Firewall has the right version and service pack, and if I opened the right ports; yes to all points.

Now for those of you who claim to have SecuRemote working at home using only the Dynamically assigned IP address from "BELLSOUTH", answer these few questions.

1) Do you use BellSouth aDSL?
2) Do you use PPPoE with a Dynamically assigned IP address only?
3) Do you use a Speed Touch aDSL modem with a LinkSys router doing NAT (numerous models)?
and lastly,
4) Do you use FW1/VPN1 4.1 SP5 with matching SecuRemote client and establish a valid VPN tunnel into the corporate internal network?

If you can answer yes to all these questions please feel free to reply, and tell me by what simple means you have accomplished this small feat.

I apologize to those that have an ISP similar to BellSouth. I have no way of knowing how their networks are set up. If you feel that your ISP is set up the same, please feel free to reply.

Yes, I have read many similar articles concerning this subject.

P.S. Please, no rock throwing. I bruise easily at my age.

Thank you for your help and time,
steve.

If you want, email me directly at [email protected] or [email protected] (yes, it is a long story).