| |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [FW-1] Securemote (build 4199) on Win2k server not working
- To: [email protected]
- Subject: Re: [FW-1] Securemote (build 4199) on Win2k server not working
- From: Alan Choyna <[email protected]>
- Date: Tue, 4 Jun 2002 15:35:17 -0400
- Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
- Sender: Mailing list for discussion of Firewall-1 <[email protected]>
- Thread-index: AcIL9HjazuJORa5LRYGVjZUXw+etyAABwWfw
- Thread-topic: Re: [FW-1] Securemote (build 4199) on Win2k server not working
He has set these rules up at the top of his policy on his ip330. The int_Win2kServ_PC is an internal workstation object (it has an external ip using hiding NAT), while the ext_CST_FW is a workstation object with our external ip address:
Rule Source Destination Service Action
1 int_Win2kServ_PC ext_CST_FW FW1, FW1_topo, FW1_pslogon Accept
2 int_Win2kServ_PC ext_CST_FW RDP, IKE, IKE_tcp, Accept
3 int_Win2kServ_PC ext_CST_FW ESP Accept
ext_CST_FW int_Win2kServ_PC
Should he be using his external object? Should the object for our firewall be an Integrated Firewall object? I don't know if he has an encryption license, is that needed? What other services should he be allowing?
Thanks for your assistance.
Alan.
-----Original Message-----
From: John Chalifoux [mailto:[email protected]]
Sent: Tuesday, June 04, 2002 1:04 PM
To: [email protected]
Subject: Re: [FW-1] Securemote (build 4199) on Win2k server not working
Hi,
I had something like that happen. I couldn't ping, trace or do anything. It
turned out that the machine, which was in my DMZ, had a FW policy that
restricted communication to the internal network. You might want to check
this out with your FW guy again just to be sure.
John Chalifoux
Network Administrator
SMI Systems & Methods, Inc.
[email protected]
WorkCell-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:[email protected]]On Behalf Of Alan
Choyna
Sent: Tuesday, June 04, 2002 1:06 PM
To: [email protected]
Subject: [FW-1] Securemote (build 4199) on Win2k server not working
Hi people.
We're running an ip440 with 4.1 SP3 and am trying to get an affiliate
company to VPN into our network.
He's using Securemote (Build 4199) on Win2k Server, and is sitting behind a
Nokia IP330.
I can see him authenticate when he updates his policy, but he cannot ping,
ftp (or anything for that matter) any machine within our network.
He can access everything fine from home, and the FW guy there has assured me
that he's opened up the correct ports between his network and our FW1 boxes
external ip (he says there are no rejects or drops when he attempts to ping
or FTP).
When he does a trace route on our FW's ip, it works fine, however the trace
route on one of the internal boxes totally fails, not even showing the FW.
Only the policy updates and authentication shows up in our logs. Not the
ping or FTP attempts.
Has anyone had issues with Securemote and Win2k server?
Any suggestions?
Thanks in advance,
Alan.
=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
|
|
