[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW-1] Secure Client Question involving NAT and NG
To clarify an earlier post: I have a desktop system on an RFC 1918 address (10.3.1.101) connecting to the Internet through a CheckPoint 4.0 firewall using hide mode address translation. I have another network across the Internet, 172.16.0.0/16 behind a CheckPoint NG firewall. There is _NO_ NAT taking place on this firewall. When I try to connect from my 10.3.1.101 desktop to a server on the 172.16.0.0/16 network, nothing happens. All logs show the connection being accepted. When I try to connect to a server on a different 172.16.0.0/16 network, using the same desktop system (With a different site defined in Secure Client of course) everything works. The only difference is that this second network is behind a CheckPoint 4.1 firewall instead of a CheckPoint NG firewall. I am using SecureClient build 51057 running on Windows 2000 SP2. I am using CheckPoint NG Feature Pack 1 downloaded yesterday as a full install on a Windows NT 4.0 SP6a server. My SC desktop security rules allow all traffic in both directions. My ruleset has two rules. The first allows remote users into the network with client encryption. The second rule allows any traffic to anywhere. I am using SC in transparent mode, not connect mode. When I try using connect mode, I get an authentication success, but a tunnel test failure. I am using IKE over TCP, as well as UDP encapsulation. I am using IKE hybrid mode for authentication using VPN-1/FW-1 password for authentication. Is there anything in NG that might cause this situation to fail, whereas it would work under 4.1? Any help would be greatly appreciated. -Don ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|