[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] - SecurRemote doesn't works since ISP change



Title: [FW-1] - SecurRemote doesn't works since ISP change
The decrypted packet will have the original ip address. If this packet's address exists within your internal networks, you will have internal routing problems, and vpn will not work properly.
 
Lars
-----Original Message-----
From: Emmanuel LUCAS [mailto:[email protected]]
Sent: Monday, October 28, 2002 13:49
To: [email protected]
Subject: [FW-1] - SecurRemote doesn't works since ISP change

I have a DMZ that is 192.168.1.X MASK 255.255.255.0 and I have a route on my Firewall. My client network is 192.168.2.X MASK 255.255.255.0 and I have no route to this network. But how do you axplain that it worked fine before I change my ISP ? And why when the client negociate withe the firewall the IP adresse is good and when I try to reach one internal machine I have the wrong IP address ?

De : Mailing list for discussion of Firewall-1 [mailto:[email protected]]De la part de Lars Troen
Envoy� : lundi 28 octobre 2002 11:36
� : [email protected]
Objet : Re: [FW-1] - SecurRemote doesn't works since ISP change

How is the 192.168.x.x segment routed in your internal network?
If you try to trace to the client address from your NT server, where does it go? If it's not routed to the firewall you can solve this problem by wither implementing Securemote NAT or by using SecureClient Office Mode. Or you can put a static route from your server for this network to the firewall, but this might be less stable as you probably get more such user, and they can have other similar addresses.

Lars