[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW-1] RE : [FW-1] NAT through VPN... Urgent
Guys thanks for the answer. My comments are the following: I am trying to connect to a NATTED IP Address The SA is exchanged and the key is installed. In the rule I have the following: any@any Internal_Host any Client_encrypt Long The problem is the following I have two services on the Internal_Host which are unabled, ICA Port: 1494 and ftp. I have tried the following: telnet Internal_machine 1494 I get connection failed. Also with the ftp I get a timeout too. When I try to telnet of ftp from an internal machine to the internal_Host it works!!! I was looking to my firewall log I found that the two requests for ftp and ica were dropped. The following test was tested with both Internal IP address and Natted IP address. (Note that my Natted IP address is in the Range of Internal IP addresses) I hope that this is going to clarify the problem. Thanks in advance. Slim > -----Message d'origine----- > De : Mailing list for discussion of Firewall-1 [mailto:FW-1- > [email protected]] De la part de Reinhard Stich > Envoyé : Wednesday, April 24, 2002 1:22 PM > À : [email protected] > Objet : Re: [FW-1] NAT through VPN... Urgent > > At 11:41 24.04.2002 +0200, you wrote: > >comments below.. > > > > > -----Original Message----- > > > From: Reinhard Stich [mailto:[email protected]] > > > Sent: Wednesday, April 24, 2002 09:08 > > > To: [email protected] > > > Subject: Re: [FW-1] NAT through VPN... Urgent > >[snip] > > > * this machine has to be part of your encryption-domain > > > >And also the machine's NAT address. > > > > > * you have to connect to the *internal* ip-address of the machine > > > >not entirely correct. It's possible to use securemote to connect to a > >NAT'ed (non-internal) ip address as long as it (read: the NAT'ed ip > >address) is part of the encryption domain. > > does it work with the internal ip-address? what do you see in your logs? > > cheers > -reinhard > > > -- > Reinhard Stich, ASSIST [email protected] > Internet Security AG, 1190 Wien, Nussdorfer Laende 29-33 > Tel: +43 1 370 94 40 RS784-RIPE Fax: +43 1 370 94 40-10 > > ================================================= > To set vacation, Out Of Office, or away messages, > send an email to [email protected] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [email protected] > ================================================= ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|