NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] VPN Problem with HTTPS

  • To: [email protected]
  • Subject: Re: [FW-1] VPN Problem with HTTPS
  • From: Lars Troen <[email protected]>
  • Date: Tue, 23 Apr 2002 15:47:24 +0200
  • Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
  • Sender: Mailing list for discussion of Firewall-1 <[email protected]>
  • Thread-index: AcHqM5ky9gKp+B2QRAe9+iw/pwarbAAA8sEwAAFEFXAAARUsgAAVyQmAAAvDdsAAAXzuIA==
  • Thread-topic: Re: [FW-1] Problem Running Shell Scripts on Nokia
hmm.. It seems I read your post a bit too fast.. You're obviously not using sr..


1. Are you using telnet or web auth for clilent auth?
2. Have you edited properties on the client auth tab to ensure that you have enough priviliges to completly load a page.
3. What are the messages in you fw log?

Lars


> -----Original Message-----
> From: Arvanitis, Steve [mailto:[email protected]]
> Sent: Tuesday, April 23, 2002 15:07
> To: [email protected]
> Subject: Re: [FW-1] VPN Problem with HTTPS
>
>
> The users are assigned IP addresses by their service provider.  They
> seem to be valid internet addresses.
>
> -----Original Message-----
> From: Lars Troen [mailto:[email protected]]
> Sent: April 23, 2002 3:27 AM
> To: [email protected]
> Subject: Re: [FW-1] VPN Problem with HTTPS
>
> Are the users using private IP addresses? How do these ip addresses
> route within your network? Check the log viewer to see what
> ip addresses
> they're using. The problem might be that the reply packets
> are routed in
> another direction. IP Pool NAT for Securemote would solve this in most
> cases.
>
> Lars
>
> > -----Original Message-----
> > From: Arvanitis, Steve [mailto:[email protected]]
> > Sent: Monday, April 22, 2002 23:07
> > To: [email protected]
> > Subject: Re: [FW-1] VPN Problem with HTTPS
> >
> >
> > The users do manage to authenticate it's just after
> > authentication they
> > can not access SSL pages on the accepted server.
> >
> > The rule looks like this
> >
> > Source                  Destination     Service
> > Users@any               server1         http, https
>     Client
> > auth
> >
> > -----Original Message-----
> > From: Christopher Gripp [mailto:[email protected]]
> > Sent: April 22, 2002 4:32 PM
> > To: [email protected]
> > Subject: Re: [FW-1] VPN Problem with HTTPS
> >
> > I'm not sure if this would matter but, have you verified their proxy
> > settings?  Maybe Rogers Cable sets a proxy and it is
> screwing up your
> > auth.  Just a thought.
> >
> >
> >
> >
> > Christopher Gripp
> > Systems Engineer
> > Axcelerant
> >
> > "Impartiality is a pompous name for indifference, which is
> an elegant
> > name for ignorance."  G.K. Chesterton
> >
> > > -----Original Message-----
> > > From: Arvanitis, Steve [mailto:[email protected]]
> > > Sent: Monday, April 22, 2002 1:06 PM
> > > To: [email protected]
> > > Subject: [FW-1] VPN Problem with HTTPS
> > >
> > >
> > > Hello all,
> > >
> > > The user puts in the address ex. http://whatever.com they are
> > > then asked
> > > to authenticate with SecureID.  Once they get authenticated
> > and try to
> > > access a link to a web page that is SSL (HTTPS) the request
> > is dropped
> > > at the last rule.  The funny thing is that the problem is
> > only showing
> > > up with users that have Cable with Rogers.  Users that
> are with any
> > > other service provider have no problems what so ever.  I have
> > > exhausted
> > > my resources and I have no other ideas of how to trouble shoot
> > > this....HELP!
> > >
> > >
> > > Thanks
> > > steve
> > >
> > > =================================================
> > > To set vacation, Out Of Office, or away messages,
> > > send an email to [email protected]
> > > in the BODY of the email add:
> > > set fw-1-mailinglist nomail
> > > =================================================
> > > To unsubscribe from this mailing list,
> > > please see the instructions at
> > > http://www.checkpoint.com/services/mailing.html
> > > =================================================
> > > If you have any questions on how to change your
> > > subscription options, email
> > > [email protected]
> > > =================================================
> > >
> > >
> >
> > =================================================
> > To set vacation, Out Of Office, or away messages,
> > send an email to [email protected]
> > in the BODY of the email add:
> > set fw-1-mailinglist nomail
> > =================================================
> > To unsubscribe from this mailing list,
> > please see the instructions at
> > http://www.checkpoint.com/services/mailing.html
> > =================================================
> > If you have any questions on how to change your
> > subscription options, email
> > [email protected]
> > =================================================
> >
> > =================================================
> > To set vacation, Out Of Office, or away messages,
> > send an email to [email protected]
> > in the BODY of the email add:
> > set fw-1-mailinglist nomail
> > =================================================
> > To unsubscribe from this mailing list,
> > please see the instructions at
> > http://www.checkpoint.com/services/mailing.html
> > =================================================
> > If you have any questions on how to change your
> > subscription options, email
> > [email protected]
> > =================================================
> >
>
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================
>
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================
>

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================


 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.