
Re: [FW-1] Checkpoint SecuRemote / SecureClient NG FP2




Hi Kenneth
Make sure you check the box "Exportable for SecureClient/SecuRemote" under the topology on the firewall.

Also make sure (depending on the way you configure VPN) that your desktop rules include a rule that will encrypt
for your VPN domain like:

Inbound:
block           all users@any   any     block

Outbound:
all users@any   [VPN domain]    any      Encrypt


I hope this works

Morten


-----Original Message-----
From: Kenneth Dybdahl [mailto:[email protected]]
Sent: 21. november 2002 14:08
To: [email protected]
Subject: [FW-1] Checkpoint SecuRemote / SecureClient NG FP2


Upgraded my old Firewall-1 4.1 SP6 running on an NT4 platform last
weekend.

Did a clean install, Windows 2000 Server and Firewall-1 NG FP3.
Everything is working fine, except RemoteAccess.

Need help or a good how-to.

Current setup is:

On the Firewall object:
Pretty much default settings + Office mode to my VPN users group.
Authentication is "VPN-1 & Firewall-1 Password".
VPN Domain:
All addresses behind Gateway based on Topology information.

The VPN Users group encrypt IKE (3DES / SHA1)

Desktop Security is set to any services = allowed (both inbound and
outbound, just for testing).

Global Properties:
Pretty much default here too, encrypts DNS, Pre-Shared Secret, IKE over
TCP.

Anyway, the authentication procedure is working fine.
I can see in the FW1 log that the user authenticates, and from the
client I can ping internal servers, and also traceroute them. I have
set up SecuRemote DNS servers too, and can ping all my internal servers
with DNS names.

I have been trying pre-shared, public key, hybrid mode, certificate
mode. All with the same result. I have also been trying the SecuRemote
and the SecureClient (with both the package tool, and with just the
default installation from CP). Authentication seems to work out fine. I
got the same result too with or without Policy Server.

So far so good.


Then, ANY other services I try to use are not working. I can't see any
"blocked" or any traces of activity in the FW1 log, and all attempts to
connect to a service (terminal service, http, smtp) are timing out on the
client.

Wild guess is that there is something wrong with the users.C file, which
does not exist on the client. Tried to copy it manually, didn't work :/


Any suggestions to a desperate man :) ?

- Kenneth -
