[FW-1] Securemote/VPN-1 4.1 not decrypting all services
I have an interesting problem with a securemote implementation I am working with. Users can install a new site and authenticate their session against the firewall. The log shows the topology download along with Phase1 and Phase2 key installs being completed successfully. Users are able to ping systems within the encryption domain and the log shows successful decrypt/encrypt entries for icmp under rule 0 (I'm not sure if it is a significant point that rule 0 is doing this). However, trying any other service against these systems fails - the firewall drops the packets based on my last any>any>any>drop rule.

I have reviewed my configuration in detail and have read through the VPN Admin guide (just to make sure I didn't miss anything). I have also compared the config against other systems that work - I cannot see anything that I have missed (only difference is NT vs W2K). I have even tried using IP Pools just in case it was an IP routing problem (though the fact that pings make it through would indicate my routing is not the issue).

Has anyone seen this type of behaviour before? The thing that puzzles me most is why icmp packets can make it through on rule 0 but nothing else can....

My configuration is as follows:

Firewall: VPN-1 v4.1 SP6 installed on W2K SP3

Securemote: SP5 on XP
            SP4 on W2K

Policy Rules:
    users@all>encryptiondomain>any>client encrypt
    any>fw>any>reject
    any>any>any>drop

thanks,

Terry Bretz, Manager of Internet Operations
Akanda Innovation Inc.