Re: [FW1] SR Topology Success - unable to access encrypt domain



Does your router access list allow IP types 50 and 52? (ESP and AH)
Do you get any messages back, like unable to contact server?

You mention using FWZ to get topo. Didn't you say you could use IKE to get topo?

regards,
CryptoTech

Tony Cottee wrote:

> Hello Chaps,
>
> I'm seeing quite an interesting problem w.r.t. SecuRemote.
>
> I'm running a StoneBeat pair running v4.1 of Firewall-1 with SR Clients of
> build 4165. I'm actually going to a licensed address of one of the pair.
> This is not the external IP, it's an Internet routable Stonebeat /Firewall-1
> licensed address.
>
> I can create the IKE topology, but the problem is when I'm trying to access
> a box in the encryption domain. The user matches the Firewall-1 object with
> a VPN & Firewall-1 Password.
>
> I have Policy Properties set to accept Firewall-1 Control Connections hence
> the need not to have IKE etc. set in a rule. I have the appropriate SR
> defined.
>
> Note that we have fairly tight Router ACLs - these are open to destination
> ports tcp 264, 256, 259 and udp 259, 500 and 2746.
>
> Anyhow all appears correct, I've attempted it in various environments -
> local LAN, dialup accounts with differing ISPs etc. so ruling out NAT.
>
> I've thought about using FWZ or using a secondary IP on the External
> Interface to NAT through to the Management Station to pull down the
> topology. Not sure where to go. Any pointers?
>
> Thanks, TC
>
> Security Engineer
>
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================



   All contents © 2004 Network Presence, LLC. All rights reserved.