Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW-1] Office Mode & Tunnel Test

To: [email protected]
Subject: [FW-1] Office Mode & Tunnel Test
From: Can2002 <[email protected]>
Date: Mon, 30 Jun 2003 22:07:38 +0100
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

I've been building a test environment to replicate a clients Secure
Client problem with Office Mode.  Having successfully configured Secure
Client without Office Mode, they wanted to enable the feature to simplify
their WAN routing problems for remote clients.

The problem they experience is that when connecting, they receive a
message saying the 'tunnel_test' failed.  Having searched through Secure
Knowledge I found article sk13014 which seemed to describe exactly the
problems they were exeperiencing, albeit it was based on FP2 whereas they
are on FP3.  The example topology the article gives is shown below:

Server (encryption domain)
192.168.2.100
|
|
192.168.2.1
FireWall-1 NG FP2 (management/firewall module)
10.0.5.2
|
|----------10.0.0.254 (Internet Router)----------Internet
|
10.0.5.1
Router
192.168.1.1
|
|
192.168.1.100
SecureClient NG FP2

The address pool configured for Office Mode in the article's example is
192.168.7.0/24.  When the client PC connects it makes a test connection
on UDP/18234, which the firewall attempts to respond to, but with no
explicit route for the 192.168.7.0/24 network, it attempts to route the
packet via its default gateway, which is the problem.

In the article it explains that the solution is to place a network route
on the firewall for the Office Mode subnet (192.168.7.0/24) pointing at
the remote router (10.0.5.1) in the example above.  I've been able to
replicate something similar in my test lab, which was fixed by following
the article.

My problem; however is that their solution seems to rely on ALL remote
secure client PC's connecting through the same gateway, whereas their
remote clients are connecting through various ISPs across Europe, hence a
single static route cannot be created.

Am I missing the point here???

Cheers,
Chris

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Next by Date: Re: [FW-1] W2k and NT routing config
Next by thread: Re: [FW-1] Office Mode & Tunnel Test
Index(es):
- Date
- Thread