[FW-1] Office Mode & Tunnel Test
I've been building a test environment to replicate a client's Secure Client problem with Office Mode. Having successfully configured Secure Client without Office Mode, they wanted to enable the feature to simplify their WAN routing problems for remote clients. The problem they experience is that when connecting, they receive a message saying the 'tunnel_test' failed.

Having searched through Secure Knowledge I found article sk13014, which seemed to describe exactly the problems they were experiencing, albeit it was based on FP2 whereas they are on FP3. The example topology the article gives is shown below:

    Server (encryption domain)
    192.168.2.100
        |
        |
    192.168.2.1
    FireWall-1 NG FP2 (management/firewall module)
    10.0.5.2
        |
        |----------10.0.0.254 (Internet Router)----------Internet
        |
    10.0.5.1
    Router
    192.168.1.1
        |
        |
    192.168.1.100
    SecureClient NG FP2

The address pool configured for Office Mode in the article's example is 192.168.7.0/24. When the client PC connects it makes a test connection on UDP/18234, which the firewall attempts to respond to, but with no explicit route for the 192.168.7.0/24 network, it attempts to route the packet via its default gateway, which is the problem. In the article it explains that the solution is to place a network route on the firewall for the Office Mode subnet (192.168.7.0/24) pointing at the remote router (10.0.5.1) in the example above.

I've been able to replicate something similar in my test lab, which was fixed by following the article. My problem, however, is that their solution seems to rely on ALL remote Secure Client PCs connecting through the same gateway, whereas their remote clients are connecting through various ISPs across Europe, hence a single static route cannot be created. Am I missing the point here???

Cheers,
Chris
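
The route lookup described in the message above, modelled as an added example that is not part of the original post or of the sk13014 article. The addresses come from the quoted topology; the interface masks and the routing-table layout are assumptions made for illustration.

```python
import ipaddress

def next_hop(routes, dst):
    """Longest-prefix match: the gateway the firewall would pick for dst."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, gw in routes:
        network = ipaddress.ip_network(net)
        if addr in network and (best is None or network.prefixlen > best[0].prefixlen):
            best = (network, gw)
    return best[1] if best else None

def gateways_for_pool(routes, pool):
    """Every gateway that replies to Office Mode pool addresses would use."""
    return {next_hop(routes, str(ip)) for ip in ipaddress.ip_network(pool).hosts()}

# Constructed routing table for the firewall in the quoted topology.
# The /24 and /16 masks are assumed; the post does not state them.
ROUTES_BEFORE = [
    ("192.168.2.0/24", "direct"),      # encryption domain side (192.168.2.1)
    ("10.0.0.0/16", "direct"),         # segment shared by 10.0.5.2, 10.0.5.1, 10.0.0.254
    ("0.0.0.0/0", "10.0.0.254"),       # default gateway: the Internet router
]

# The fix described in the article: a network route for the Office Mode
# pool pointing at the remote router.
OFFICE_MODE_POOL = "192.168.7.0/24"
ROUTES_AFTER = ROUTES_BEFORE + [(OFFICE_MODE_POOL, "10.0.5.1")]

if __name__ == "__main__":
    client = "192.168.7.10"  # constructed Office Mode address from the pool
    print("tunnel_test reply before fix ->", next_hop(ROUTES_BEFORE, client))
    print("tunnel_test reply after fix  ->", next_hop(ROUTES_AFTER, client))
    print("pool gateways after fix      ->", gateways_for_pool(ROUTES_AFTER, OFFICE_MODE_POOL))
```
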