[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] SecuRemote connects to which fw interface (again)?
Ok, I just read sp2 release notes and found the setting: :resolve_multiple_interfaces (true) However I do not know where to put this setting exactly. What is meant by the gateway object? I tried putting it on different places however none of them forced SecuRemote to connect to different FW interfaces. Cheers, Josef > -----Original Message----- > From: CryptoTech [SMTP:[email protected]] > Sent: Monday, February 19, 2001 3:54 PM > To: Hartmann, Josef > Cc: 'Larry Pingree'; [email protected]; > [email protected] > Subject: Re: [FW1] SecuRemote connects to which fw interface (again)? > > > Please read the release notes for SP2. You cannot download topology from > the other > ip addresses, but once the topology exists on the client, he can establish > a vpn to > any of the firewall's interfaces that he can see. > > Cheers, > CryptoTech > > "Hartmann, Josef" wrote: > > > Thinking about this effect, means that it is only possible to establish > a > > VPN connection only to one firewall interface?!? > > > > How do I get access to Checkpoint's Support center? > > > > > -----Original Message----- > > > From: Larry Pingree [SMTP:[email protected]] > > > Sent: Thursday, February 15, 2001 8:51 PM > > > To: Hartmann, Josef; [email protected]; > > > [email protected] > > > Subject: Re: [FW1] SecuRemote connects to which fw interface > (again)? > > > > > > I believe the answer would be yes. The IP address in the general tab > is > > > used > > > to build the topology download, and this is the IP address to which > > > securemote will connect to. > > > > > > I do agree that Check Point "should" use the closest interface to the > > > securemote client, but this is not the case thus far. > > > > > > Maybe you could submit a bug to Check Point's Support center? > > > > > > > > > -=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=- > > > Larry Pingree > > > Sr. Security Consultant > > > Email: [email protected] > > > > > > SiegeWorks > > > Company WebSite: http://www.siegeworks.com/ > > > Security Installation, Training and Consulting > > > -=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=- > > > ----- Original Message ----- > > > From: Hartmann, Josef <[email protected]> > > > To: <[email protected]>; > <[email protected]> > > > Sent: Thursday, February 15, 2001 1:23 AM > > > Subject: [FW1] SecuRemote connects to which fw interface (again)? > > > > > > > > > > > > > > > > > > Hi, > > > > > > > > > > > > I am running a fw with quite a few interfaces. Now I would like to > setup > > > a > > > > VPN. After some troubles userc.C is now loaded, however SecuRemote > does > > > > connect to the primary interface of the firewall not to the > interface > > > which > > > > the client has access to. > > > > > > > > Unfortunately userc.C is encrypted. Setting the appropriate > parameter in > > > > userc.C to false or removing it did not help me. > > > > > > > > A small figure to illustrate this: > > > > > > > > Network C > > > > > > > > | > > > > | > > > > _______________ > > > > | | > > > > network A -----------| FW |----------------- > Network > > > B > > > > --------- VPN Client > > > > this IP address is | | > > > > set the one of the | | > > > > FW object. -------------------------- > > > > | > > > > | > > > > Network D > > > > > > > > As you can see the Gateway address of the SecuRemote Client should > be > > > > interface B however, after the Topo downloaded forces the VPN Client > to > > > use > > > > interface A as gateway but that's silly, isn't? Do I have to use > > > Interface > > > B > > > > as the "primary" (the IP Address given in the general tap of the > > > workstation > > > > properties of the firewall object) interface of the firewall object? > > > > > > > > > > > > > > > > > > > > Any hints? > > > > > > > > > > > > Cheers, > > > > > > > > Josef > > > > > > > > > > > > > > > > ========================================================================== > > > == > > > ==== > > > > To unsubscribe from this mailing list, please see the > instructions > > > at > > > > http://www.checkpoint.com/services/mailing.html > > > > > > > > ========================================================================== > > > == > > > ==== > > > > > > > > > ========================================================================== > ====== > > To unsubscribe from this mailing list, please see the instructions > at > > http://www.checkpoint.com/services/mailing.html > > > ========================================================================== > ====== > > > > ________________________________________________________________________ > > This message has been checked for all known viruses, by Star Internet, > > delivered through the MessageLabs Virus Control Centre. > > For further information visit: > > http://www.star.net.uk/stats.asp > > > > > ========================================================================== > ====== > > To unsubscribe from this mailing list, please see the instructions > at > > http://www.checkpoint.com/services/mailing.html > > > ========================================================================== > ====== > > > > ========================================================================== > ====== > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ========================================================================== > ====== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|