Re: [FW1] SecuRemote question

Emmanuel LUCAS Wed, 12 Jul 2000 01:53:59 -0700

Hi,

What do you mean by "no filtering is occuring" ? I allow "any" services on
my FireWall for SecuRemote clients.
How can I check if my ISP is doing address translation ?
I have modified my objects.C file on my firewall. Is that all ?

Cordially

Emmanuel Lucas.

----- Original Message -----
From: Martin, Andy <[EMAIL PROTECTED]>
To: Fw-1-Mailinglist (E-mail) <[EMAIL PROTECTED]>
Sent: Tuesday, July 11, 2000 12:36 PM
Subject: RE: [FW1] SecuRemote question


>
> Hiya,
>
> Just a quick note that it is important to check that all inbound traffic
is
> being allowed through to you internal client (Behind the cable modem) i.e.
> no filtering is occuring. Also ensure that the ISP is not doing address
> translation. If it is you will need to modify your firewall files to allow
> this a good resource for this sort of issue is phoneboy
> http://www.phoneboy.com
>
> http://www.phoneboy.com/fw1/faq/0141.html concerns NAT and Secure remote.
>
> Hope this helps
>
> Andy
>
> -----Original Message-----
> From: Emmanuel LUCAS [mailto:[EMAIL PROTECTED]]
> Sent: 06 July 2000 16:55
> To: Jim Brown
> Cc: [EMAIL PROTECTED]
> Subject: Re: [FW1] SecuRemote question
>
>
>
> As I said above on my first append, I have tried with 2 IP addresses in
> 195.x.x.x and the firewall log show me the good client IP address. So does
> it means that there is no address translation ?
>
> Cordially
>
> Emmanuel Lucas.
> ----- Original Message -----
> From: Jim Brown <[EMAIL PROTECTED]>
> To: 'Emmanuel LUCAS' <[EMAIL PROTECTED]>; Dallas Bishoff
> <[EMAIL PROTECTED]>
> Cc: <[EMAIL PROTECTED]>
> Sent: Thursday, July 06, 2000 5:23 PM
> Subject: RE: [FW1] SecuRemote question
>
>
> > You're problem is most likely tied to the probability that your cable
> modem
> > is performing some type of NAT on the client's IP address. Unless you
can
> > map those inbound UDP packets from the firewall to your client you will
> > never be successful using SecuRemote.
> >
> > There is probably no address translation on you RTC or ISDN connections.
> > Check the IP address of you client when it attached to each type of
> > connection and I would bet that it is a private or unroutable address
when
> > attached to the cable modem.
> >
> > -----Original Message-----
> > From: Emmanuel LUCAS [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, July 06, 2000 8:56 AM
> > To: Dallas Bishoff
> > Cc: [EMAIL PROTECTED]
> > Subject: Re: [FW1] SecuRemote question
> >
> >
> >
> > I am using SR Client build 4003 and my Firewall is v4.0 sp2 but It works
> > using RTC or ISDN line ! The problem comes with cable modem.
> >
> > Cordially
> >
> > Emmanuel Lucas.
> > ----- Original Message -----
> > From: Dallas Bishoff <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Thursday, July 06, 2000 4:26 PM
> > Subject: Re: [FW1] SecuRemote question
> >
> >
> > > Emmanuel:
> > >
> > > Two pssible causes...you are using SR Build 4118, or you have a
> mis-match
> > > with DES and 3DES on the firewall and client.  Check to makes sure
that
> > both
> > > are either VPN or VPN+STRONG, and make sure the encryption settings
for
> > the
> > > connection are the same.
> > >
> > > There has been various problems reported with WIN98 and SR, so update
to
> > the
> > > newest version (at least 4153)
> > >
> > > Regards!!!
> > >
> > > Dallas N. Bishoff
> > > MCSE+I, MCT, CCA, ICE, CCSE,
> > > Nokia Security Engineer (NSA),
> > > RSA Certified SecurID Support Engineer
> > >
> > >
> > >
> > > From: Emmanuel LUCAS <[EMAIL PROTECTED]>
> > > To: [EMAIL PROTECTED]
> > > Subject: [FW1] SecuRemote question
> > > Date: Thu, 6 Jul 2000 15:46:55 +0200
> > >
> > >
> > > Hi,
> > >
> > > I have FW-1 installed on an NT box. I have an SeuRemote client
installed
> > on
> > > win98. When I connect to my Firewall using ISDN line or anologic modem
> all
> > > works fine (logon to NT domain, access network shared ressources and
> > > applications etc ...).
> > >
> > > Now I try to connect my FW using a cable modem. So I have configured a
> > > network adapter on my client.
> > > On my secuRemote client I can ping my FireWall. So I have defined my
> > > new site. All works fine I am asked to enter my userid and password to
> > > begin the encryption. The Firewall answer OK. From this moment, I
can't
> > > ping anymore my Firewall or my servers on the encryption domain
"request
> > > timeout".
> > > When I try to ping a server, I see on the Firewal logs a "keyInstall"
> line
> > > but nothing else
> > >
> > > I have seen lot of happends on the liste archive that talk about
address
> > > translation
> > > problem with cable modem providers and SecuRemote.
> > >
> > > So I have made a test. I have connected my SecuRemote client on the
same
> > hub
> > > than my FireWall juste behind my cable modem. My provider gave me 2 IP
> > > addresses. The same problem happends.
> > >
> > > On my FireWall log, I have:
> > >
> > > ///ACTION / SERVICE / SOURCE / DEST / PROTOCOL / RULE / S_PORT / USER
> ///
> > > ///Autocrypt /              / securemote_IP_address /     /     ip
/
> > > 0     /             / my_user_name ///
> > > ///KeyInstall /             / securemote_IP_address / my_servers / ip
/
> > 0
> > > /             /               ///
> > >
> > > The securemote_IP_address is the good one so there is no address
> > > translation, isn't it ?
> > >
> > > Any idees ? Why it doesn't works ?
> > >
> > > Cordially
> > >
> > > Emmanuel Lucas.
> > >
> > >
> > >
> > >
> > >
> >
>
============================================================================
> > ====
> > >       To unsubscribe from this mailing list, please see the
instructions
> > at
> > >                 http://www.checkpoint.com/services/mailing.html
> > >
> >
>
============================================================================
> > ====
> > >
> > >
________________________________________________________________________
> > > Get Your Private, Free E-mail from MSN Hotmail at
http://www.hotmail.com
> > >
> >
> >
> >
> >
>
============================================================================
> > ====
> >      To unsubscribe from this mailing list, please see the instructions
at
> >                http://www.checkpoint.com/services/mailing.html
> >
>
============================================================================
> > ====
>
>
>
>
============================================================================
> ====
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
>
============================================================================
> ====
> **********************************************************************
> This email and any files transmitted with it are confidential and
> intended solely for the use of the individual or entity to whom they
> are addressed. If you have received this email in error please notify
> the sender immediately.
>
> This footnote also confirms that this email message has been swept for
> the presence of computer viruses.
> **********************************************************************
>
>
>
============================================================================
====
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
>
============================================================================
====



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================
Re: [FW1] SecuRemote question

Reply via email to
