NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] Strange behavior of SecureClient



20030227as1703
Have a look at CP SecureKnowledge /
solution ID: sk16764

Maybe it helps?

Cheers,
Arnold

-----Ursprüngliche Nachricht-----
Von:    Jean-Francois Gobin [SMTP:[email protected]]
Gesendet am:    Donnerstag, 27. Februar 2003 08:26
An:     [email protected]
Betreff:        [FW-1] Strange behavior of SecureClient

Hello all,

We are testing SecureClient. Our Firewall is connected to the outside
world, and we're trying to ping a host within the net (not directly
attached to the FW itself, but through a router).

When we join "directly connected", as far as rules permit it, everything
is ok : connection established, "decrypt" in logs. But when connecting
this very inside net ... We got this :


Number:                                 346844
Date:                                   27Feb2003
Time:                                   8:18:26
Product:                                VPN-1 & FireWall-1
Interface:                              eth2c0
Origin:                                 fw-nrb-cluster
Type:                                   Log
Action:                                 Drop
Source:                                 62-197-78-116.teledisnet.be
Destination:                            WKS-NRB-DONNEAUX-Linres02
Protocol:                               icmp
Rule:                                   18
NAT rule number:                        0
NAT additional rule number:             0
User:                                   P06291
Source Key ID:                          0x60fb5507
XlateSrc:                               172.18.23.241
Encryption Scheme:                      IKE
VPN Peer Gateway:                       62-197-78-116.teledisnet.be
Encryption Methods:                     ESP: 3DES + SHA1 + DEFLATE
Information:                            icmp-type: 8
                        icmp-code: 0
                        dst scheme: NA
                        route status: temporary unavailable resources


The net is in the encryption domain and correctly set in the routing
table. The rule explicitely grants access to it for the SecureClient
group, and the user can log on the policy server.

Any idea ?

Jean-Francois Gobin


--
Jean-Francois Gobin - Administrateur gobinjf.be
http://www.gobinjf.be   mailto:[email protected]

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.