[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] Sending FW-I GUI Client traffic through a SecureClient VPN
What version of SR/SC are you using. If your using earlier than 4.1SP5 (I believe) you need to add the line fwm_encrypt (true) ; to your userc.c on the client side for the encryption to happen properly. On Thursday 17 January 2002 01:47 pm, Chris Arnold wrote: > If you're management console has an SSH server installed, consider doing > this: > > http://www.sudoers.com/people/cmarnold/projects/ssh/index.html > > Chris > > --- > Tim Jones <[email protected]> > Sent by: Mailing list for discussion > To: [email protected] > Subject: [FW-1] Sending FW-I GUI Client traffic through a SecureClient VPN > > > Hello. > > I'm having two issues with FW-I 4.1, SecureClient, and > the FW-I GUI client that I'm hoping someone can help > me with. Here they are: > > 1) Our VPN encryption domain is 192.168.0.0/16. One > of the management station's interfaces uses an IP in > this range; however, when trying to connect to that IP > with the GUI client while connected to the VPN, it > doesn't work. It seems that the traffic doesn't try > to go through the VPN despite the fact that the > destination address is in the encryption domain. When > pinging the IP, however, the traffic does indeed go > through the VPN, and the ping is successful. > > I ran across this link: > http://support.checkpoint.com/public/publisher.asp?id=faf384f6-d59e-11d4 > -a57a24&resource > > &number=4&isExternal=0. > > > It only deals with NG, however -- the crypt.def entry > that it references isn't present on our management > station. > > So, is there any way to tell GUI client traffic to go > though the VPN with version 4.1? > > 2) Our management station also has an external, > routeable IP address. For whatever reason, it's > possible for me to connect to the GUI client via this > IP address while connected to the VPN using an > "Encryption Only" policy. This external IP isn't in > the encryption domain, however, and nothing else > outside the encryption domain is accessible in this > manner. > > Does anyone know why this is the case, and, how to > prevent it? > > All help is appreciated. Thanks! > > __________________________________________________ > Do You Yahoo!? > Send your FREE holiday greetings online! > http://greetings.yahoo.com > > =============================================== > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > =============================================== > > =============================================== > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > =============================================== > > ================================================= > To set vacation, Out Of Office, or away messages, > send an email to [email protected] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [email protected] > ================================================= -- Juan Concepcion Network Security Engineer CCSA/CCSE Certified [email protected] ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|