Re: [FW-1] vpn/securemote question.
Still having a bit of a nightmare on this one. The way I figure it, SecuRemote makes a connection to the fw at site B, which in turn tries to establish a tunnel to site A. Then it gets interesting: I get an "Encryption failure: Different community ID, possible NAT problem (VPN Error code 02)" between fw B and fw A on rule 0, and after a few seconds more SecuRemote comes back and says it couldn't talk to fw A at site B.

> You will need to create a 'site' on the SR client to site B, which will
> download the topo as specified in site B's encryption domain.
> This will give you a VPN to site A and a second VPN to site B.
> On site B's fw you will have to set up a user account etc. If you set up
> the same UID and pw as you did on site A then the SR client can tick the
> 'remember password' checkbox. This should (although it does not in my
> experience) remember the pw the user entered when authenticating site A and
> send it to site B.
>
> If you use something like SecurID then things get more complicated - good
> luck if you do - you're out of my experience there!
>
> Julan Burton
>
> > *snip*
> >
> > I've been racking my brains for a few hours on a rulebase to do this and I
> > can't get it to work.
> > 2 sites running NG FP3 hf2+ssl, vpn set up between the 2 of them using a
> > community and limited traffic flowing between the 2 of them.
> > I have some SecuRemote users off site A who access Exchange & a few other
> > things as they roam.
> >
> > Some of that traffic is not allowed in the VPN between site A & site B as it
> > would saturate the link between them,
> > however I want any of my SecuRemote users to be able to roam onto the B
> > network and access the services they would normally access via SecuRemote
> > from there.
> > I thought it'd be a case that SecuRemote authenticates to the firewall at
> > site A and establishes a tunnel to it (have allowed that in the rulebase on
> > B),
> > however in the fw log on site A I get "Encryption failure: Different
> > community ID, possible NAT problem (VPN Error code 02)" on the IKE rule.
> > The NAT rules that apply are
> > allinternalnets to allinternalnets = original to original
> > net A to any = FW A (hide) to original
> > net B to any = FW B (hide) to original
> >
> > Anybody got any ideas where it's going wrong or a better way of doing it?
> >
> > Uly
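Added example, not part of the thread above and not Check Point code: a small first-match model of the three manual NAT rules Uly posted, used to check which rule the SecuRemote client's IKE packet hits when the client is roaming on net B and talking to fw A's external address. The addresses (10.1.0.0/16, 10.2.0.0/16, 203.0.113.1, 198.51.100.1, client 10.2.0.50) are constructed placeholders, and the "no-NAT to fw A" rule at the top of the fixed rulebase is a hypothesis about what the "possible NAT problem" message is pointing at, not something the thread confirms.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Constructed placeholder addressing (RFC 1918 / RFC 5737), NOT the poster's real topology.
NET_A = ipaddress.ip_network("10.1.0.0/16")    # assumed: site A internal net
NET_B = ipaddress.ip_network("10.2.0.0/16")    # assumed: site B internal net
FW_A = ipaddress.ip_address("203.0.113.1")     # assumed: fw A external address
FW_B = ipaddress.ip_address("198.51.100.1")    # assumed: fw B external address
ALL_INTERNAL = [NET_A, NET_B]                  # "allinternalnets" in the posted rules
ANY = ipaddress.ip_network("0.0.0.0/0")


@dataclass
class NatRule:
    name: str
    src: List[ipaddress.IPv4Network]
    dst: List[ipaddress.IPv4Network]
    # None = "original" (no source translation); an address = hide behind that address
    xlate_src: Optional[ipaddress.IPv4Address]


def _in_any(addr, nets):
    return any(addr in n for n in nets)


def apply_nat(rules, src, dst):
    """Top-down, first match wins (how a manual NAT rulebase is evaluated).
    Returns (matched rule name, source address the destination will see)."""
    src = ipaddress.ip_address(src)
    dst = ipaddress.ip_address(dst)
    for r in rules:
        if _in_any(src, r.src) and _in_any(dst, r.dst):
            return r.name, (src if r.xlate_src is None else r.xlate_src)
    return "no-match", src


# The three rules as posted, in order.
POSTED_RULES = [
    NatRule("internal-to-internal", ALL_INTERNAL, ALL_INTERNAL, None),
    NatRule("hide-net-A", [NET_A], [ANY], FW_A),
    NatRule("hide-net-B", [NET_B], [ANY], FW_B),
]

# Hypothetical fix (assumption, not from the thread): exempt net B -> fw A's own
# external address from hide NAT, placed ABOVE the hide rules so it matches first.
FIXED_RULES = [
    NatRule("no-nat-to-fwA", [NET_B], [ipaddress.ip_network(f"{FW_A}/32")], None)
] + POSTED_RULES


def ike_source_seen_by_fw_a(rules, client):
    """Which rule the roaming client's IKE packet to fw A hits, and the source fw A sees."""
    return apply_nat(rules, client, FW_A)


if __name__ == "__main__":
    client = "10.2.0.50"  # constructed: SecuRemote client roaming on net B
    # Under the posted rules the packet to fw A falls through to "net B to any = hide FW B",
    # so fw A sees IKE arriving from fw B's address rather than from the client.
    print(ike_source_seen_by_fw_a(POSTED_RULES, client))
    print(ike_source_seen_by_fw_a(FIXED_RULES, client))
    # Client to a host on net A still hits the original-to-original rule in both rulebases.
    print(apply_nat(POSTED_RULES, client, "10.1.0.10"))
```

Under the posted order, fw A's external address is not in "allinternalnets", so the client's packet skips rule 1 and lands on the net B hide rule; with the exemption rule on top the client's own address reaches fw A unchanged. The model only answers "which NAT rule does this packet hit"; whether that is the actual cause of the error on fw A is something to confirm in the fw A log by checking which source address the IKE packet arrives with.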