If so, then you need to make sure you have a rule like the following above your stealth rule...

All_Internal_Networks (negated) -TO- external_address
-SERVICE- FW1_pslogon;FW1_pslogon_NG;FW1_topo;IKE;FW1_scv_keep_alive;FW1_ica_services;FW1_ica_pull;FW1_ica_push
-ACTION- Accept -TRACK- Log

Try that...
Regards

Joe Mayhew
Network Systems Administrator
British American Racing GP Ltd.
Operations Centre, Brackley
Northants, NN13 7BD
Tel: +44 (0) 1280 844247 Fax: +44 (0) 1280 843980
Mobile: +44 (0) 7974 260948
-----------------------------------------------------------------------------------------
Seen it all, done it all, can't remember most of it
-----------------------------------------------------------------------------------------
-----Original Message-----
From: [email protected] [mailto:[email protected]]
Sent: 15 October 2002 11:38
To: [email protected]
Subject: [FW-1] SecuRemote and cluster
Hi all listmembers

I'm having trouble getting SR to work towards a network behind two clustered FW-1's on Nokia. I recently upgraded the management station to NG, but the same thing still happens.

In the logs, it seems like SR is trying to send IKE packets to the internal leg on the firewall. For some reason, the firewall won't answer (used tcpdump on the Nokia box) on the IKE packets from the SR client. And I can't see any errors in the logs. SR answers with "communication with site has failed". Updating topology goes fine.

Are there any special considerations getting SR to work towards clusters? The same configuration works against non-clustered environments.

Any suggestions?

-tomas-
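
Added example (not part of the original thread, and not Check Point code): a small Python model of first-match rule evaluation, showing why the rule in the reply has to sit above the stealth rule. The addresses, the rule names and the simplified stealth rule (any source, any service, to the external address, drop) are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed sample values (documentation/private ranges), not from the thread.
INTERNAL_NETS = [ip_network("10.0.0.0/8")]
EXTERNAL_ADDRESS = ip_address("203.0.113.1")   # stands in for external_address
SR_SERVICES = {"FW1_pslogon", "FW1_pslogon_NG", "FW1_topo", "IKE",
               "FW1_scv_keep_alive", "FW1_ica_services",
               "FW1_ica_pull", "FW1_ica_push"}

def is_internal(addr):
    return any(addr in net for net in INTERNAL_NETS)

# Each rule: (name, source test, destination test, service test, action)
SR_RULE = ("securemote",
           lambda src: not is_internal(src),       # All_Internal_Networks (negated)
           lambda dst: dst == EXTERNAL_ADDRESS,
           lambda svc: svc in SR_SERVICES,
           "accept")
STEALTH_RULE = ("stealth",
                lambda src: True,                   # any source
                lambda dst: dst == EXTERNAL_ADDRESS,  # traffic addressed to the gateway
                lambda svc: True,                   # any service
                "drop")

def evaluate(rulebase, src, dst, svc):
    """Return (rule name, action) of the first rule that matches, top to bottom."""
    src, dst = ip_address(src), ip_address(dst)
    for name, src_ok, dst_ok, svc_ok, action in rulebase:
        if src_ok(src) and dst_ok(dst) and svc_ok(svc):
            return name, action
    return "cleanup", "drop"                        # nothing matched

def shadowed_by_stealth(rulebase):
    """True if the stealth rule precedes the SecuRemote rule and so hides it."""
    names = [rule[0] for rule in rulebase]
    return names.index("stealth") < names.index("securemote")

if __name__ == "__main__":
    client = "198.51.100.25"                        # constructed remote client
    for order in ([STEALTH_RULE, SR_RULE], [SR_RULE, STEALTH_RULE]):
        verdict = evaluate(order, client, "203.0.113.1", "IKE")
        print([r[0] for r in order], "->", verdict, "shadowed:", shadowed_by_stealth(order))
```

With the stealth rule first, the client's IKE packet is dropped before the SecuRemote rule is ever consulted; with the order from the reply, only the listed services from non-internal sources are accepted and everything else to the gateway still hits the stealth rule.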