Shiroma, Have you solved your problem?

Carlos Caballero
Communications Engineer
Banco Mercantil S.A.
La Paz - Bolivia
Tel.: (591) 2 2409040 Ext.: 4441

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Concepcion, Juan
Sent: Friday, 02 June 2006 10:47 a.m.
To: [email protected]
Subject: Re: [FW-1] Fwd: Re: [FW-1] secure remote users cannot access target servers in VPN domain

The thing you have to ensure on the client side, SecuRemote, is that the firewall has a wide open ipsec rule:

Rule 1
Source: any
Destination: Remote Firewall
Service: ike/ipsec/esp/ah

Rule 2
Source: Remote Firewall
Destination: Any
Service: ike/ipsec/esp/ah

I of course have left it set to any, but of course you could ensure the client has a static DHCP address tied to it and replace the "any" with that IP.

Juan

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Addepalli, Anand
Sent: Friday, June 02, 2006 10:16 AM
To: [email protected]
Subject: Re: [FW-1] Fwd: Re: [FW-1] secure remote users cannot access target servers in VPN domain

Shiroma

There is no restriction in SecuRemote that hinders accessing a VPN domain if statically NATed. I have the same kind of setup from a customer site and there are no problems. You just have to make sure that they have enabled VPN ports outbound to your network. Their firewall must be dropping IKE packets.

Anand Addepalli.

-----Original Message-----
From: Shiroma Dassanayake [mailto:[EMAIL PROTECTED]
Sent: Friday, June 02, 2006 2:30 AM
To: [email protected]
Subject: [FW-1] Fwd: Re: [FW-1] secure remote users cannot access target servers in VPN domain

Note: forwarded message attached.

Dear all

Thanks to all of you that replied. The SecuRemote clients are not connecting through ADSL, so PPPoE is not used. A few additional tests were conducted; that is why there's been a delay in the reply.

The SecuRemote client is installed on a machine that is part of the internal LAN of a supplier. The SecuRemote client is assigned a "statically NAT'd public IP" when it leaves the company gateway to access the internet.

Conditions under which this SecuRemote client can access the target servers in our VPN domain:

- The SecuRemote client machine connects to the ISP router directly (bypassing the company firewall).
- The SecuRemote client machine connects to the internet through a dial-up connection to an ISP.

As soon as the SecuRemote client machine is placed in the company LAN and is statically NAT'd to a public IP, it cannot access the target servers contained in the VPN domain behind our gateway. The client machine is able to download the site details but is not able to access the target servers.

Is there a restriction in SecuRemote that prevents a SecuRemote client from accessing servers contained within a VPN if the connection originates from a public IP that has been statically NAT'd?

Thanks and regards
Shiroma

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
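
The rule pair from Juan's reply, checked against a firewall policy, as an added example that is not part of the original thread. The policy model, the addresses (documentation ranges) and the "before" policy are constructed; the TCP 264 entry assumes Check Point's FW1_topo topology download service, which would explain a site download that succeeds while IKE is dropped.

```python
from ipaddress import ip_address, ip_network

ANY = "0.0.0.0/0"
# IP protocol numbers: TCP=6, UDP=17, ESP=50, AH=51. IKE is UDP port 500.
REQUIRED = {"ike": (17, 500), "esp": (50, None), "ah": (51, None)}
# Constructed addresses from the documentation ranges, not from the thread.
CLIENT_NAT_IP = "198.51.100.10"  # static NAT address the client leaves with
REMOTE_GW = "203.0.113.1"        # "Remote Firewall" in Juan's rules

def rule(src, dst, proto, port, action="accept"):
    return {"src": src, "dst": dst, "proto": proto, "port": port, "action": action}

def first_match(policy, src, dst, proto, port):
    """Top-down first-match evaluation with an implicit final drop."""
    for r in policy:
        if (ip_address(src) in ip_network(r["src"])
                and ip_address(dst) in ip_network(r["dst"])
                and r["proto"] in (None, proto)
                and r["port"] in (None, port)):
            return r["action"]
    return "drop"

def blocked_vpn_flows(policy, client, gateway):
    """List the (service, direction) pairs the policy does not accept."""
    blocked = []
    for name, (proto, port) in REQUIRED.items():
        if first_match(policy, client, gateway, proto, port) != "accept":
            blocked.append((name, "outbound"))
        if first_match(policy, gateway, client, proto, port) != "accept":
            blocked.append((name, "inbound"))
    return blocked

def vpn_rules(gateway, client_net=ANY):
    """Rule 1 (client -> gateway) and Rule 2 (gateway -> client) per service."""
    gw = gateway + "/32"
    rules = []
    for proto, port in REQUIRED.values():
        rules += [rule(client_net, gw, proto, port), rule(gw, client_net, proto, port)]
    return rules

# Constructed "before" policy: web access plus TCP 264 (Check Point FW1_topo,
# the topology/site download), so the site downloads but IKE/ESP/AH are dropped.
BEFORE = [rule(ANY, ANY, 6, 80), rule(ANY, ANY, 6, 443), rule(ANY, ANY, 6, 264)]

if __name__ == "__main__":
    print("before:", blocked_vpn_flows(BEFORE, CLIENT_NAT_IP, REMOTE_GW))
    after = vpn_rules(REMOTE_GW, CLIENT_NAT_IP + "/32") + BEFORE
    print("after: ", blocked_vpn_flows(after, CLIENT_NAT_IP, REMOTE_GW))
```

Passing `CLIENT_NAT_IP + "/32"` as `client_net` is the tightened form Juan mentions, where "any" is replaced by the client's fixed address.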
