Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] Checkpoint FW-1 Secure Client & XP ICS

To: [email protected]
Subject: Re: [FW-1] Checkpoint FW-1 Secure Client & XP ICS
From: Don <[email protected]>
Date: Tue, 18 Jun 2002 10:55:09 -0400
In-reply-to: <000a01c2169e$c13b5490$0100a8c0@orac>
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

> Connections to the VPN show the initial login & authentication packets with
> source & destination addresses of the Firewall-1 device and my External ICS
> address. Subsequent traffic via the VPN shows the source address as the
> client's internal network address. This was initially assumed to be the
> problem, as equipment on our network won't of course know how to get back to
> ICS 192.168.0.x addresses.
That is ok though. Those systems will not know how to get to the
192.16.0.x network and so will send it to the firewall who will then know
to re-encapsulate the traffic.

The question becomes, did someone add a 192.168.0.x network to your
corporate network? This would definitely screw things up. Is someone else
coming into the network with the same 192.168.0.x address as you? Have you
tried enabling IP NAT Pools? Did these get disabled during the upgrade?

> Having run NetMon captures on my ICS server & client boxes at home, I see
> exactly the same behaviour there now as I did back when the VPN via ICS
> worked - except for the fact that I receive no response packets to any
> traffic after the initial authentication.
The question is, is you firewall seeing the return traffic? If you sniff
the network on the firewall, you should see traffic going into the network
from the SR client, and then retrn traffic coming back out. If this is the
case, then the problem may lie with ICS (Sorry. They may have broken
whatever support you had during the upgrade). I would guess, however, that
the traffic is not even getting back to the firewall.

-Don

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

References:
- Re: [FW-1] Checkpoint FW-1 Secure Client & XP ICS
  - From: Mike Crowhurst <[email protected]>

Prev by Date: Re: [FW-1] VPN between 4.0 and 4.1
Next by Date: [FW-1] printing network objects
Previous by thread: Re: [FW-1] Checkpoint FW-1 Secure Client & XP ICS
Next by thread: Re: [FW-1] Checkpoint FW-1 Secure Client & XP ICS
Index(es):
- Date
- Thread