
Re: [FW-1] NetOP back to SecuRemote client


  • To: [email protected]
  • Subject: Re: [FW-1] NetOP back to SecuRemote client
  • From: Lars Troen <[email protected]>
  • Date: Fri, 7 Mar 2003 11:01:39 +0100
  • Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
  • Sender: Mailing list for discussion of Firewall-1 <[email protected]>
  • Thread-index: AcLkg/CKisFsV9NxSoKBoA8f4tRQtwAC8/6q
  • Thread-topic: Re: [FW-1] NetOP back to SecuRemote client

Stefan is correct. However, this goes only for SecuRemote, so this is kinda weird. If you're using SecureClient in Office mode without any desktop rules, you can connect to the client. You can see in the SecuRemote/SecureClient log if the packet is dropped. An s-box is more like a SecuRemote than SecureClient, and if you define a rule that accepts a service (on the s-box) you can successfully access this service through the "Securemote ip pool nat" ip address. But if you install SecuRemote without desktop security, shouldn't it be without a rule set if you chose that? At least it used to be like that...

Lars


-----Original Message-----
From:   Stefan Schweizer [mailto:[email protected]]
Sent:   Fri 07-Mar-03 9:04 AM
To:     [email protected]
Cc:	
Subject:             Re: [FW-1] NetOP back to SecuRemote client
Hi Aaron

When you use SecuRemote, you have to define a desktop rule which allows
the incoming request from your source (probably your VPN GW).

Regards

Stefan


From:    "<Aaron Reynolds>"
Sent by: Mailing list for discussion of Firewall-1 <[email protected]>
Date:    06.03.2003 18:30
Please respond to Mailing list for discussion of Firewall-1

To:      [email protected]
cc:
Subject: Re: [FW-1] NetOP back to SecuRemote client




I have tried NetOP'ing to the IP Pool NAT address, and I see the following:
Logviewer:
        Accept (NetOp)
        Encrypt (NetOp)
tcpdump:
        Internal Interface:
                internal IP of NetOp guest (src) -> IP Pool NAT IP of NetOP host (dst) - NetOP (service)
                (No replies)
        External Interface:
                ESP packets being sent from external address of firewall to external address of SecuRemote client
                (No replies)


So I know I am encrypting and sending traffic to the SecuRemote client.
Does it have to be Secure Client for this to work?  Is there something in
Userc.C that needs to be changed to allow an incoming connection?  Thanks
for your help.

-Aaron

-----Original Message-----
From: Lars Troen [mailto:[email protected]]
Sent: Wednesday, March 05, 2003 2:18 AM
To: [email protected]
Subject: Re: [FW-1] NetOP back to SecuRemote client


Aaron,
You should use the IP Pool NAT address or the SecureClient Pool IP if
you're using that. Works fine with vnc and NG.

Lars

> -----Original Message-----
> From: <Aaron Reynolds> [mailto:[email protected]]
> Sent: Tuesday, March 04, 2003 00:29
> To: [email protected]
> Subject: [FW-1] NetOP back to SecuRemote client
>
>
> Does anybody have this working?  Way back in the 4.1 SP2 days, it seemed
> that we could do this.  I am now on 4.1 SP6, and we cannot do it.  The user
> has to kill SecuRemote in order to NetOP from corporate to them.  If using
> IP pool NAT, should I be NetOP'ing to the IP pool NAT address, or their
> external address?  Thanks for any help.
>
> -Aaron



=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================



 
   All contents © 2004 Network Presence, LLC. All rights reserved.