[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] SecuRemote with IKE



Since you can see the key exchange go well, I would do a
snoop/tcpdump on the internal interface and watch for
the traffic (web page request) going out.

You want to ensure you see the packets come in your
outside interface, out your inside interface and being
destined to your web server.

You should then see reply packets coming from your web
server to your client.  If you don't see packets coming
from the web server I'd check for routing from the web
server to the IP address that is being assigned to the
client.

Also, will you need to do a PROXY ARP on the firewall
for the GUI client IP on the internal interface?

Jose
>  do you get error: communication failed after authentication or the
> connection stays good?
> do you have SecureClient/securemote license installed on your fw-1?
>
> Is it possible for you to give us a vague idea of your n/w?
> what type of connection are the clients using? (DSL,Dial-up, Cable)
> How many entry and exit points do you have in your network?
>
> some info like that would help a lot to trace down the problem.
>
> -----Original Message-----
> From: Elisabeth Wonders [mailto:[email protected]]
> Sent: Friday, May 10, 2002 9:32 AM
> To: [email protected]
> Subject: Re: [FW-1] SecuRemote with IKE
>
>
> My first thought is that there may be a routing problem.  The traffic's
> getting out but can't find it's way back to the client.  That's usually the
> problem  when I encounter these symptoms.
>
> Any networking gurus care to chime in here?
>
> Elisabeth
>
>
>
> Hello again,
>
> --snip --
> Authentication to Firewall was great but after that nothing happens.
> From the Firewall logs i can see that key exchange does happen and when
> i tried accesing my internal webpages, i can see that traffic from the
> SRClient to the internal ip is getting decrypted for http services, but
> im not getting my webpage.
>
>
>
> NOTE: This electronic message and attachment(s), if any, contains
> information which is intended solely for the designated recipient(s).
> Unauthorized disclosure, copying, distribution, or other use of the contents
> of this message or attachment(s), in whole or in part, is prohibited without
> the express authorization of the author of this message.
>
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================
>
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================