
Re: [FW-1] Checkpoint FW-1 Secure Client & XP ICS



OK, having run some more tests at the office and checked some old Firewall
Logs, here's the story so far.

We use Checkpoint Firewall-1 and SecureClient 4.1 to provide VPN access to
the office. This used to work via my Microsoft Internet Connection Sharing
at home (Windows XP as 'server', Windows 2000 or XP as client), using a
laptop within my home LAN as the client. Since moving the VPN onto a
separate ISP connection and Firewall-1 instance at the office (thanks to the
impending KPNQwest crash), it no longer works via ICS. The VPN is available
on the new address, but only via direct internet connections and not ICS.

Connections to the VPN show the initial login & authentication packets with
source & destination addresses of the Firewall-1 device and my External ICS
address. Subsequent traffic via the VPN shows the source address as the
client's internal network address. This was initially assumed to be the
problem, as equipment on our network won't of course know how to get back to
ICS 192.168.0.x addresses.

However, having checked back on some historical FW-1 logs, from a day when I
had an active, working VPN session via ICS, I see exactly the same kind of
behaviour. Initial authentication shows the FW-1 address and external ICS
address, but subsequent traffic is shown in the FW-1 logs with the Internal
ICS address as the source.

Having run NetMon captures on my ICS server & client boxes at home, I see
exactly the same behaviour there now as I did back when the VPN via ICS
worked - except for the fact that I receive no response packets to any
traffic after the initial authentication.

Does anyone have any ideas??

I've tried researching this elsewhere, including via the Checkpoint web
site, but no-one seems to have any information regarding Secure Client VPN
via ICS. Some web sites even claim that this configuration cannot work, but
I know from many, many hours of live experience using the solution that it
can.

Any help at all much appreciated.

Mike.

   All contents © 2004 Network Presence, LLC. All rights reserved.