Re: [FW-1] Checkpoint FW-1 Secure Client & XP ICS
OK, having run some more tests at the office and checked some old Firewall Logs, here's the story so far.

We use Checkpoint Firewall-1 and SecureClient 4.1 to provide VPN access to the office. This used to work via my Microsoft Internet Connection Sharing at home (Windows XP as 'server', Windows 2000 or XP as client), using a laptop within my home LAN as the client. Since moving the VPN onto a separate ISP connection and Firewall-1 instance at the office (thanks to the impending KPNQwest crash), it no longer works via ICS. The VPN is available on the new address, but only via direct internet connections and not ICS.

Connections to the VPN show the initial login & authentication packets with source & destination addresses of the Firewall-1 device and my External ICS address. Subsequent traffic via the VPN shows the source address as the client's internal network address. This was initially assumed to be the problem, as equipment on our network won't of course know how to get back to ICS 192.168.0.x addresses.

However, having checked back on some historical FW-1 logs, from a day when I had an active, working VPN session via ICS, I see exactly the same kind of behaviour. Initial authentication shows the FW-1 address and external ICS address, but subsequent traffic is shown in the FW-1 logs with the Internal ICS address as the source.

Having run NetMon captures on my ICS server & client boxes at home, I see exactly the same behaviour there now as I did back when the VPN via ICS worked - except for the fact that I receive no response packets to any traffic after the initial authentication.

Does anyone have any ideas?? I've tried researching this elsewhere, including via the Checkpoint web site, but no-one seems to have any information regarding Secure Client VPN via ICS. Some web sites even claim that this configuration cannot work, but I know from many, many hours of live experience using the solution that it can.

Any help at all much appreciated.

Mike.