Re: [FW-1] NetOP back to SecuRemote client
Stefan is correct. However this goes only for SecuRemote so this is kinda weird. If you're using SecureClient in Office mode without any desktop rules, you can connect to the client. You can see in the SecuRemote/SecureClient log if the packet is dropped.

An s-box is more like a SecuRemote than SecureClient and if you define a rule that accepts a service (on the sbox) you can successfully access this service through the "Securemote ip pool nat" ip address.

But if you install SecuRemote without desktop security, shouldn't it be without a rule set if you chose that? At least it used to be like that...

Lars

-----Original Message-----
From: Stefan Schweizer [mailto:[email protected]]
Sent: Fri 07-Mar-03 9:04 AM
To: [email protected]
Cc:
Subject: Re: [FW-1] NetOP back to SecuRemote client

Hi Aaron

When you use SecuRemote, you have to define a desktop rule which allows the incoming request from your source (probably your VPN GW).

Regards
Stefan

From: "<Aaron Reynolds>"
Sent by: Mailing list for discussion of Firewall-1 <[email protected]kpoint.com>
Date: 06.03.2003 18:30
Please respond to Mailing list for discussion of Firewall-1
To: [email protected]
cc:
Subject: Re: [FW-1] NetOP back to SecuRemote client

I have tried NetOP'ing to the IP Pool NAT address, and I see the following:

Logviewer:
Accept (NetOp)
Encrypt (NetOp)

tcpdump:
Internal Interface: internal IP of NetOp guest (src) -> IP Pool NAT IP of NetOP host (dst) - NetOP (service) (No replies)
External Interface: ESP packets being sent from external address of firewall to external address of SecuRemote client (No replies)

So I know I am encrypting and sending traffic to the SecuRemote client. Does it have to be SecureClient for this to work? Is there something in Userc.C that needs to be changed to allow an incoming connection?

Thanks for your help.

-Aaron

-----Original Message-----
From: Lars Troen [mailto:[email protected]]
Sent: Wednesday, March 05, 2003 2:18 AM
To: [email protected]
Subject: Re: [FW-1] NetOP back to SecuRemote client

Aaron,

You should use the IP Pool NAT address or the SecureClient Pool IP if you're using that. Works fine with vnc and NG.

Lars

> -----Original Message-----
> From: <Aaron Reynolds> [mailto:[email protected]]
> Sent: Tuesday, March 04, 2003 00:29
> To: [email protected]
> Subject: [FW-1] NetOP back to SecuRemote client
>
> Does anybody have this working? Way back in the 4.1 SP2 days, it seemed
> that we could do this. I am now on 4.1 SP6, and we cannot do it. The user
> has to kill SecuRemote in order to NetOP from corporate to them. If using
> IP pool NAT, should I be NetOP'ing to the IP pool NAT address, or their
> external address? Thanks for any help.
>
> -Aaron
=================================================
To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options, email [email protected]
=================================================