
[FW-1] Securemote/VPN-1 4.1 not decrypting all services



I have an interesting problem with a securemote implementation I am working
with.  Users can install a new site and authenticate their session against
the firewall.  The log shows the topology download along with Phase1 and
Phase2 key installs being completed successfully.  Users are able to ping
systems within the encryption domain and the log shows successful
decrypt/encrypt entries for icmp  under rule 0 (I'm not sure if it is a
significant point that rule 0 is doing this).   However, trying any other
service against these systems fails - the firewall drops the packets based
on my last any>any>any>drop rule.

I have reviewed my configuration in detail and have read through the VPN
Admin guide (just to make sure I didn't miss anything). I have also
compared the config against other systems that work - I cannot see anything
that I have missed (only difference is NT vs W2K).  I have even tried using
IP Pools just in case it was an IP routing problem (though the fact that
pings make it through would indicate my routing is not the issue).

Has anyone seen this type of behaviour before?  The thing that puzzles me
most is why icmp packets can make it through on rule 0 but nothing else
can...

My configuration is as follows:

Firewall:         VPN-1 v4.1 SP6 installed on W2K SP3
Securemote:       SP5 on XP
                  SP4 on W2K
Policy Rules:     users@all>encryptiondomain>any>client encrypt
                  any>fw>any>reject
                  any>any>any>drop

thanks,

Terry Bretz,
Manager of Internet Operations
Akanda Innovation Inc.

   All contents © 2004 Network Presence, LLC. All rights reserved.