
Re: [FW-1] SecuRemote and cluster




I am assuming that you are trying to connect to your external interface/cluster address from the outside world?

If so, then you need to make sure you have a rule like the following above your stealth rule...


All_Internal_Networks (negated) -TO- external_address -SERVICE- FW1_pslogon;FW1_pslogon_NG;FW1_topo;IKE;FW1_scv_keep_alive;FW1_ica_services;FW1_ica_pull;FW1_ica_push -ACTION- Accept -TRACK- Log

Try that...

Regards



Joe Mayhew
Network Systems Administrator
British American Racing GP Ltd.
Operations Centre, Brackley
Northants, NN13 7BD
Tel: +44 (0) 1280 844247 Fax: +44 (0) 1280 843980
Mobile: +44 (0) 7974 260948
-----------------------------------------------------------------------------------------
Seen it all, done it all, can't remember most of it
-----------------------------------------------------------------------------------------



-----Original Message-----
From: [email protected] [mailto:[email protected]]
Sent: 15 October 2002 11:38
To: [email protected]
Subject: [FW-1] SecuRemote and cluster


Hi all listmembers

I'm having trouble getting SR to work towards a network behind two clustered FW-1's on Nokia. I recently upgraded the management station to NG, but the same thing still happens.

In the logs, it seems like SR is trying to send IKE packets to the internal leg on the firewall. For some reason, the firewall won't answer (used tcpdump on the Nokia box) on the IKE packets from the SR client. And I can't see any errors in the logs. SR answers with "communication with site has failed". Updating topology goes fine.

Are there any special considerations getting SR to work towards clusters? The same configuration works against non-clustered environments.

Any suggestions?

-tomas-



