
Re: [FW-1] SecureRemote and VPN-1 mes amours!



If the firewall receives it but doesn't forward it then it sounds like
the firewall rule and/or NAT/ARP/routing stuff is not set up correctly.
Try an ANY services rule for the securemote connections briefly and see
if that lets it work and/or check that the different clients are getting
nat'd inbound with different addresses per client (nat pool) and that
the addresses are arp'd to your firewall so that your Intranet can route
back the session correctly (although this is probably good since the
RADIUS stuff works unless you've got a route set up on the RADIUS server
that forces all traffic to the firewall).

Thanks and Regards,

Kevin Martin <[email protected]>
TD Options, LLC   Security Officer
230 S. LaSalle, 6th Floor  Chicago, IL  60604

-----Original Message-----
From: Alberto Salerno [mailto:[email protected]]
Sent: Thursday, September 12, 2002 12:06 PM
To: [email protected]
Subject: [FW-1] SecureRemote and VPN-1 mes amours!


Dear all,

I have some problems with SecureRemote and Check Point VPN-1 NG FP 2 on
Linux.

I installed it and all works (I mean filtering and natting) fine except
the SecureRemote connection.

We are able to authenticate through IKE Hybrid Mode and RADIUS using a
generic* user (fine!). We see the key exchange but as soon as we ping
some internal host no answer: The packets seem to be blocked on the
firewall.

SecureRemote is encrypting the traffic and the firewall is receiving it
but seems not to forward it to our Intranet.

The encryption domain is also defined correctly as an internal network
(we have only one).

I checked already the SecureKnowledge and do not have overlapping
encryption domains, the topology is downloaded (I can see topology
entries in the user.C file), no double firewall object is in our object
database, but still do not understand why it does not work.

We installed the latest SecureRemote software just yesterday but nothing
happens.

Anyone experiencing the same problem? Any suggestions?

Ciao

Alberto

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
