Hiya,
Just a quick note that it is important to check that all inbound traffic is
being allowed through to you internal client (Behind the cable modem) i.e.
no filtering is occuring. Also ensure that the ISP is not doing address
translation. If it is you will need to modify your firewall files to allow
this a good resource for this sort of issue is phoneboy
http://www.phoneboy.com
http://www.phoneboy.com/fw1/faq/0141.html concerns NAT and Secure remote.
Hope this helps
Andy
-----Original Message-----
From: Emmanuel LUCAS [mailto:[EMAIL PROTECTED]]
Sent: 06 July 2000 16:55
To: Jim Brown
Cc: [EMAIL PROTECTED]
Subject: Re: [FW1] SecuRemote question
As I said above on my first append, I have tried with 2 IP addresses in
195.x.x.x and the firewall log show me the good client IP address. So does
it means that there is no address translation ?
Cordially
Emmanuel Lucas.
----- Original Message -----
From: Jim Brown <[EMAIL PROTECTED]>
To: 'Emmanuel LUCAS' <[EMAIL PROTECTED]>; Dallas Bishoff
<[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Thursday, July 06, 2000 5:23 PM
Subject: RE: [FW1] SecuRemote question
> You're problem is most likely tied to the probability that your cable
modem
> is performing some type of NAT on the client's IP address. Unless you can
> map those inbound UDP packets from the firewall to your client you will
> never be successful using SecuRemote.
>
> There is probably no address translation on you RTC or ISDN connections.
> Check the IP address of you client when it attached to each type of
> connection and I would bet that it is a private or unroutable address when
> attached to the cable modem.
>
> -----Original Message-----
> From: Emmanuel LUCAS [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, July 06, 2000 8:56 AM
> To: Dallas Bishoff
> Cc: [EMAIL PROTECTED]
> Subject: Re: [FW1] SecuRemote question
>
>
>
> I am using SR Client build 4003 and my Firewall is v4.0 sp2 but It works
> using RTC or ISDN line ! The problem comes with cable modem.
>
> Cordially
>
> Emmanuel Lucas.
> ----- Original Message -----
> From: Dallas Bishoff <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Thursday, July 06, 2000 4:26 PM
> Subject: Re: [FW1] SecuRemote question
>
>
> > Emmanuel:
> >
> > Two pssible causes...you are using SR Build 4118, or you have a
mis-match
> > with DES and 3DES on the firewall and client. Check to makes sure that
> both
> > are either VPN or VPN+STRONG, and make sure the encryption settings for
> the
> > connection are the same.
> >
> > There has been various problems reported with WIN98 and SR, so update to
> the
> > newest version (at least 4153)
> >
> > Regards!!!
> >
> > Dallas N. Bishoff
> > MCSE+I, MCT, CCA, ICE, CCSE,
> > Nokia Security Engineer (NSA),
> > RSA Certified SecurID Support Engineer
> >
> >
> >
> > From: Emmanuel LUCAS <[EMAIL PROTECTED]>
> > To: [EMAIL PROTECTED]
> > Subject: [FW1] SecuRemote question
> > Date: Thu, 6 Jul 2000 15:46:55 +0200
> >
> >
> > Hi,
> >
> > I have FW-1 installed on an NT box. I have an SeuRemote client installed
> on
> > win98. When I connect to my Firewall using ISDN line or anologic modem
all
> > works fine (logon to NT domain, access network shared ressources and
> > applications etc ...).
> >
> > Now I try to connect my FW using a cable modem. So I have configured a
> > network adapter on my client.
> > On my secuRemote client I can ping my FireWall. So I have defined my
> > new site. All works fine I am asked to enter my userid and password to
> > begin the encryption. The Firewall answer OK. From this moment, I can't
> > ping anymore my Firewall or my servers on the encryption domain "request
> > timeout".
> > When I try to ping a server, I see on the Firewal logs a "keyInstall"
line
> > but nothing else
> >
> > I have seen lot of happends on the liste archive that talk about address
> > translation
> > problem with cable modem providers and SecuRemote.
> >
> > So I have made a test. I have connected my SecuRemote client on the same
> hub
> > than my FireWall juste behind my cable modem. My provider gave me 2 IP
> > addresses. The same problem happends.
> >
> > On my FireWall log, I have:
> >
> > ///ACTION / SERVICE / SOURCE / DEST / PROTOCOL / RULE / S_PORT / USER
///
> > ///Autocrypt / / securemote_IP_address / / ip /
> > 0 / / my_user_name ///
> > ///KeyInstall / / securemote_IP_address / my_servers / ip /
> 0
> > / / ///
> >
> > The securemote_IP_address is the good one so there is no address
> > translation, isn't it ?
> >
> > Any idees ? Why it doesn't works ?
> >
> > Cordially
> >
> > Emmanuel Lucas.
> >
> >
> >
> >
> >
>
============================================================================
> ====
> > To unsubscribe from this mailing list, please see the instructions
> at
> > http://www.checkpoint.com/services/mailing.html
> >
>
============================================================================
> ====
> >
> > ________________________________________________________________________
> > Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com
> >
>
>
>
>
============================================================================
> ====
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
>
============================================================================
> ====
============================================================================
====
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
============================================================================
====
**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the sender immediately.
This footnote also confirms that this email message has been swept for
the presence of computer viruses.
**********************************************************************
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
