Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: RE: [FW1] NT / Secure Remote with multiple adapters

To: Wendy Gleisner <[email protected]>, Checkpoint Mailing List <[email protected]>
Subject: RE: RE: [FW1] NT / Secure Remote with multiple adapters
From: "Croft, Ed" <[email protected]>
Date: Tue, 20 Mar 2001 11:48:51 -0800
Sender: [email protected]

Wendy-

	This is what I found to work for us, I do not know if any or all of
it will apply in your situation.

In working with some techs at Gobosh, we were able to find that SecureRemote
does not handle DHCP well when there is more than one NIC in the laptop
(Phoneboy: http://www.phoneboy.com/faq/0080.html).  You can test this by
seeing if you can log onto the NT domain at your office when you assign a
static IP to the laptop.  The way that we got around this problem was to
remove the docking station Ethernet adapter from the Network properties on
the laptop and then instruct the user to plug the laptop directly into the
Ethernet cable when in the docking station, thereby completely bypassing the
docking station NIC.  That way, the laptop only knows about one Ethernet
adapter.  It is kinda ugly, but the Executive officer (read: NOT technical
or happy with changes) that we set this up for seems to be working fine with
just plugging the Ethernet cable into the dongle each morning.

I don't know if I can help much on your dial-in problem, since our dial-in
solution is completely in-house and we hand out our own IP addresses.  All I
did to get around this problem was to add the network block that we hand out
to the Encryption domain on the Firewall.  My understanding of how
SecureRemote works, is that the software will look at the IP address on the
laptop to determine if it is located inside the Encryption domain or not.
SecureRemote will also see if where you are trying to get to (i.e.
www.cisco.com or one of your internal servers) is inside the Encryption
domain.  If it sees that you are trying to get to www.cisco.com, it will not
try to encrypt the traffic.  If it sees that you are trying to get to one of
your internal servers and you are inside the Encryption domain, then it will
not try to encrypt the traffic.  By adding the network block that we hand
out to our dial-in users to the Encryption domain, SecureRemote thinks that
it is inside and doesn't try to encrypt traffic.  I haven't gotten a
definitive on if this is how SecureRemote is designed to work yet, but it
has been my experience in the past and I will continue to assume this until
I hear differently...

Please let me know off-list if this helped you out at all, or if you had any
questions.

-Ed

> > ----------
> > From: 	Wendy Gleisner[SMTP:[email protected]]
> > Sent: 	Friday, February 09, 2001 5:52 AM
> > To: 	[email protected]
> > Subject: 	[FW1] NT / Secure Remote with multiple adapters
> > 
> > 
> > My company is having this problem: We have NT 4.0 with Service Pack 6a
> > loaded on three different types of Compaq laptops.
> > We use docking stations when on company premises and dial-up when
> offsite.
> > As a result we have 3 networking adapters
> > configured on the laptops. 1 - dialup and 2 - lan adapters (1 - docking
> > station & 1 - nic in the laptop in case they don't dock).
> > We have installed SecureRemote on all adapters.  The normal installation
> > has SecureRemote loading upon startup (It's an icon on the bottom
> > right on the task bar).
> > Even though we are not using SecureRemote when we are on premise, we
> > receive NT domain errors (basically it can't see our NT domain) upon
> > startup.  We've tried hacking SecureRemote out of the startup, without
> > success so far.  We've open a call with Checkpoint, however, they don't
> > seem 
> > to understand the problem
> > 
> > Has anyone had this problem and if you have do you know of a solution?
> I
> > can't believe we are the only company that use docking stations!
> > 
> > Thanks, Wendy
> > 
> > 
> > 
> >
> ==========================================================================
> > ======
> >      To unsubscribe from this mailing list, please see the instructions
> at
> >                http://www.checkpoint.com/services/mailing.html
> >
> ==========================================================================
> > ======
> > 
> 


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: RE: [FW1] .CDR file
Next by Date: [FW1] location of logs
Previous by thread: RE: [FW1] NAT on FW 4.0 and solaris
Next by thread: [FW1] location of logs
Index(es):
- Date
- Thread