Re: [FW-1] SecuRemote through NAT device???
Oh how I wish it was a test network. Unfortunately, it's the real thing. I should add that I've had several other employees here, using different ISPs, try and they experience the same problem. Works great with no NAT, not at all with.

Oh yes, if I do a tracert from the SecuRemote client to a server in the far side internal network, I don't even get a hop to the client side NAT device. It's like the packet just dies and doesn't go anywhere. Strange then that authenticating to the checkpoint box and topo updates work fine through the NAT device. Our internal network NATs addresses going out to the Internet and those packets go out and find their way back no problem.

Thanks Don,
Christian

-----Original Message-----
From: Don [mailto:[email protected]]
Sent: Friday, January 04, 2002 2:38 PM
To: Hanke, Christian (DC)
Subject: Re: [FW-1] SecuRemote through NAT device???

> Been struggling with this for months now. Maybe one of you fine people can
> point me in the right direction.
>
> FW1 4.1 SP3 box with a private network behind it. Trying to connect through
> SecuRemote and it works beautifully as long as the client isn't NAT'd. Add a
> Linksys or Netgear router on the client side for Internet connection sharing
> / NAT and SecuRemote breaks. Update site and logon to site works fine and
> with no errors. Once logged on though, no resources can be accessed on the
> private network behind the firewall. Can't ping, see/open shares, nothing.
> Interestingly, even when the NAT'd box is set up as DMZ (all packets pass
> through and forwarded to client with no filters), SecuRemote still will not
> work. Only when the NAT device is removed from the picture altogether will
> SecuRemote function. I have followed the instructions on Phoneboy's site
> about SecuRemote Client and NAT until I'm blue in the face. In a nutshell,
> this is what he recommends.

If you would like, I am on an internal network, being NAT'd through a CheckPoint 4.0 firewall, and I would be happy to help you troubleshoot this. If this is a test network, and you are willing to set up a temporary login, I can configure a SecuRemote client and test this. I can also perform a tcpdump and let you know if the traffic is being encrypted as you intended.

CheckPoint can be a bear sometimes, and I would be happy to help in any way. I have set up SR through NAT a number of times and there always seems to be a gotcha.

-Don