Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] SecRemote problem?

To: Christoph Nagelreiter <[email protected]>, "Secure 1 Mailing List (E-Mail)" <[email protected]>
Subject: RE: [FW1] SecRemote problem?
From: Chilton Tim <[email protected]>
Date: Tue, 23 Jan 2001 09:27:34 -0000
Sender: [email protected]

Hi Guys,

I too have this problem and it's an open TT with checkpoint.

The platform is CP2000, SP3 on NT using IKE or FWZ encryption with IP NAT
pools. 

You have to use IP NAT Pools or the reply can go out through a different
gateway which can cause routing problems.

>From the logs I can see 
	An incoming ICMP decrypt
	The addresses NAT correctly
	The traffic hits the internal router
	The internal router responds to the firewall
	The firewall UN-NAT's the traffic
	The firewall DROP's the outbound ICMP.

The best answer so far from CP is to enable ICMP using their "any-any" ICMP
function which is not really any use. The big problem is why ICMP is being
ignored from the "users -> internal nets for any" 

If only they would implement stateful ICMP ...

Note that just because ICMP is not running doesn't normally affect the VPN -
we have hundreds of users VPN'ing in correctly, it just makes it very
difficult for the support teams to diagnose problems.

Regards

Tim

-----Original Message-----
From: Christoph Nagelreiter [mailto:[email protected]]
Sent: 18 January 2001 15:22
To: Secure 1 Mailing List (E-Mail)
Subject: [FW1] SecRemote problem?



Hi,

I can log on to the Firewall with SecRemote, but i can not ping any
computers behind my firewall? ( I use FWZ encryption)
When i try to ping a computer behind my firewall, the SecRemote loon window
appears!!!

How can i ping a computer behind my firewall? The computer behind my
firewall has a private IP address. 
Do i have a routing problem?

Please help me!

Thank u.

Chris


============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====

************************************************************************
The information in this email is confidential and is intended solely
for the addressee(s).
Access to this email by anyone else is unauthorised. If you are not
an intended recipient, you must not read, use or disseminate the
information contained in the email.
Any views expressed in this message are those of the individual sender,
except where the sender specifically states them to be the views of
The Capital Markets Company.

http://www.capco.com
***********************************************************************



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: [FW1] SecRemote: No answer received ...
Next by Date: RE: [FW1] Nokia
Previous by thread: Re: [FW1] SecRemote problem?
Next by thread: [FW1] accept outgoing packets
Index(es):
- Date
- Thread