Since the traffic is getting encrypted it looks the configuration at the
firewall is fine. I am thinking the problem might be at the client
side. Are you using desktop policy for the secureclient or any other
firewall at the client side? You may want to check the logs at the
client side if the traffic is getting blocked. You can also try
traceroute to see where the traffic is getting blocked.
Regds...Ramki
Thorsten Heyming wrote:
Hi,
thanks for your answer.
Regarding your questions:
I am quite sure the packets reach the firewall although I did not use fw
monitor to ensure this.
But when I try to connect from the internal network I see the packets
being encrypted and the vpn peer gateway is correct.
From the firewall itself I can't ping the office mode IP.
Thorsten
Von: Mailing list for discussion of Firewall-1 [mailto:FW-1-
[EMAIL PROTECTED] Im Auftrag von Ramki Security
Gesendet: Freitag, 6. Januar 2006 13:25
An: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Betreff: Re: [FW-1] NGX ClusterXl office mode
Since the return packet from the host is sent back to the office mode
ip, i have few questions.
1. Are you seeing the packets reach the firewall
2. Are you able to ping the officemode ip from inside the firewall
machine
4. When you try connecting from the internal network to the om ip, is
the traffic getting encrypted by the firewall.
Thanks....Ramki
Thorsten Heyming wrote:
Hi,
I have some trouble setting up office mode in NGX Cluster Xl.
The connection succeeds and the client gets the office mode ip from
the
defined pool. (different pool on each cluster member)
A connection to a host inside doesn't succeed (ping or telnet).
The log shows the packet being decrypted. A network monitor shows
the
packet arriving hat the host and the reply packet being send back to
the
office mode ip.
The office mode pool is different from my inside address space and
routed towards the firewall.
The office mode pool is not part of the encryption domain.
Secure Client connections without office mode enabled work fine.
Any help would be appreciated.
Regards
Thorsten
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
