You're problem is most likely tied to the probability that your cable modem
is performing some type of NAT on the client's IP address. Unless you can
map those inbound UDP packets from the firewall to your client you will
never be successful using SecuRemote.
There is probably no address translation on you RTC or ISDN connections.
Check the IP address of you client when it attached to each type of
connection and I would bet that it is a private or unroutable address when
attached to the cable modem.
-----Original Message-----
From: Emmanuel LUCAS [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 06, 2000 8:56 AM
To: Dallas Bishoff
Cc: [EMAIL PROTECTED]
Subject: Re: [FW1] SecuRemote question
I am using SR Client build 4003 and my Firewall is v4.0 sp2 but It works
using RTC or ISDN line ! The problem comes with cable modem.
Cordially
Emmanuel Lucas.
----- Original Message -----
From: Dallas Bishoff <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, July 06, 2000 4:26 PM
Subject: Re: [FW1] SecuRemote question
> Emmanuel:
>
> Two pssible causes...you are using SR Build 4118, or you have a mis-match
> with DES and 3DES on the firewall and client. Check to makes sure that
both
> are either VPN or VPN+STRONG, and make sure the encryption settings for
the
> connection are the same.
>
> There has been various problems reported with WIN98 and SR, so update to
the
> newest version (at least 4153)
>
> Regards!!!
>
> Dallas N. Bishoff
> MCSE+I, MCT, CCA, ICE, CCSE,
> Nokia Security Engineer (NSA),
> RSA Certified SecurID Support Engineer
>
>
>
> From: Emmanuel LUCAS <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: [FW1] SecuRemote question
> Date: Thu, 6 Jul 2000 15:46:55 +0200
>
>
> Hi,
>
> I have FW-1 installed on an NT box. I have an SeuRemote client installed
on
> win98. When I connect to my Firewall using ISDN line or anologic modem all
> works fine (logon to NT domain, access network shared ressources and
> applications etc ...).
>
> Now I try to connect my FW using a cable modem. So I have configured a
> network adapter on my client.
> On my secuRemote client I can ping my FireWall. So I have defined my
> new site. All works fine I am asked to enter my userid and password to
> begin the encryption. The Firewall answer OK. From this moment, I can't
> ping anymore my Firewall or my servers on the encryption domain "request
> timeout".
> When I try to ping a server, I see on the Firewal logs a "keyInstall" line
> but nothing else
>
> I have seen lot of happends on the liste archive that talk about address
> translation
> problem with cable modem providers and SecuRemote.
>
> So I have made a test. I have connected my SecuRemote client on the same
hub
> than my FireWall juste behind my cable modem. My provider gave me 2 IP
> addresses. The same problem happends.
>
> On my FireWall log, I have:
>
> ///ACTION / SERVICE / SOURCE / DEST / PROTOCOL / RULE / S_PORT / USER ///
> ///Autocrypt / / securemote_IP_address / / ip /
> 0 / / my_user_name ///
> ///KeyInstall / / securemote_IP_address / my_servers / ip /
0
> / / ///
>
> The securemote_IP_address is the good one so there is no address
> translation, isn't it ?
>
> Any idees ? Why it doesn't works ?
>
> Cordially
>
> Emmanuel Lucas.
>
>
>
>
>
============================================================================
====
> To unsubscribe from this mailing list, please see the instructions
at
> http://www.checkpoint.com/services/mailing.html
>
============================================================================
====
>
> ________________________________________________________________________
> Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com
>
============================================================================
====
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
============================================================================
====
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
