Firewall Wizards mailing list archives

Checkpoint VPN through One valid IP


From: NHawkins () bsc-rscservices com
Date: Thu, 23 Aug 2001 10:12:55 -0400

I'm trying to do a complete solution through one valid IP (Everything from
VPN, to web hosting to FTP access...etc) and so far I have everything
working, but I have some VPN quirks. I have an internal network (10 network
address space) hiding behind the one valid IP and it sees the I-net
beautifully. The VPN actually works (my Checkpoint solution is a
distributed environment - Firewall on one server, management console on
another server, and GUI clients on two other separate workstations), but it
doesn't authenticate like other multi valid IP address Checkpoint
environments that I support. I have a translation rule on the Firewall that
incoming secure remote requests are translated to the internal management
console box (FW1_TOPO service) and it authenticates at that time however
when I try to access the internal network (I like to use PC Anywhere) I get
a notification: "User successfully authenticated by VPN-1" then it says
below "You are using an inappropriate policy. Load a new policy from your
Policy Server." I do an update of the policy and everything works at that
point. It seems to me that I need to either translate another service or I
am not doing something correctly. In addition to this if I check the
checkbox "Apply Rule Only if Desktop Configuration Options are Verified" in
Properties of Client Encryption then my VPN doesn't work at that point.

Any advice would be appreciated!

Regards,
Nate Hawkins
WAN Administrator - Advanced Systems Analyst.
Beaumont Services Company L.L.C.

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards

