Firewall Wizards mailing list archives
RE: Checkpoint VPN through One valid IP
From: "Kalat, Andrew (ISS Atlanta)" <akalat () iss net>
Date: Fri, 24 Aug 2001 10:16:33 -0400
Nate,

It sounds like you have some of the personal firewalling for SecuRemote (called SecurClient when you use these features) enabled. At least, that's the read I get from the error you mentioned. That's not a normal SR error, but a SecurClient error.

Couple of things I would try:

1) Disable all SecurClient options on the firewall policy.
2) Reinstall SR without desktop protection.
3) Make sure your encryption domain is correct.
4) Check the files on the client to ensure SR is downloading the topology correctly. (userc.C I believe)

Give that a shot. That should at least remove one variable.

Hope this helps.

Andrew Kalat

---------------------------------------------------------
Andrew J. Kalat,                | Direct:(404)236-2713
IT Infrastructure Manager       | Main: (404)236-2600
Internet Security Systems, Inc. | E-Mail: akalat () iss net
6303 Barfield Road              | http://www.iss.net/
Atlanta, GA 30328               | PGP key available.

-----Original Message-----
From: NHawkins () bsc-rscservices com [mailto:NHawkins () bsc-rscservices com]
Sent: Thursday, August 23, 2001 10:13 AM
To: firewall-wizards () nfr com
Subject: [fw-wiz] Checkpoint VPN through One valid IP

I'm trying to do a complete solution through one valid IP (Everything from VPN, to web hosting to FTP access...etc) and so far I have everything working, but I have some VPN quirks.

I have an internal network (10 network address space) hiding behind the one valid IP and it sees the I-net beautifully. The VPN actually works (my Checkpoint solution is a distributed environment - Firewall on one server, management console on another server, and GUI clients on two other separate workstations), but it doesn't authenticate like other multi valid IP address Checkpoint environments that I support.

I have a translation rule on the Firewall that incoming secure remote requests are translated to the internal management console box (FW1_TOPO service) and it authenticates at that time; however, when I try to access the internal network (I like to use PC Anywhere) I get a notification: "User successfully authenticated by VPN-1" then it says below "You are using an inappropriate policy. Load a new policy from your Policy Server." I do an update of the policy and everything works at that point.

It seems to me that I need to either translate another service or I am not doing something correctly. In addition to this, if I check the checkbox "Apply Rule Only if Desktop Configuration Options are Verified" in Properties of Client Encryption then my VPN doesn't work at that point.

Any advice would be appreciated!

Regards,
Nate Hawkins
WAN Administrator - Advanced Systems Analyst.
Beaumont Services Company L.L.C.

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- Checkpoint VPN through One valid IP NHawkins (Aug 24)
- <Possible follow-ups>
- RE: Checkpoint VPN through One valid IP Kalat, Andrew (ISS Atlanta) (Aug 26)