Hi,
You can check if the ISP is doing NAT by calling them and asking. Secondly
this approach would work for the filtering question :-) . The best resource
for this sort of problem is Phoneboy
http://www.phoneboy.com/fw1/faq/0380.html relates to secure remote with DSL
or cable modems.
Hope this helps
Cheers
Andy
-----Original Message-----
From: Emmanuel LUCAS [mailto:[EMAIL PROTECTED]]
Sent: 12 July 2000 09:45
To: Martin, Andy
Cc: [EMAIL PROTECTED]
Subject: Re: [FW1] SecuRemote question
Hi,
What do you mean by "no filtering is occuring" ? I allow "any" services on
my FireWall for SecuRemote clients.
How can I check if my ISP is doing address translation ?
I have modified my objects.C file on my firewall. Is that all ?
Cordially
Emmanuel Lucas.
----- Original Message -----
From: Martin, Andy <[EMAIL PROTECTED]>
To: Fw-1-Mailinglist (E-mail) <[EMAIL PROTECTED]>
Sent: Tuesday, July 11, 2000 12:36 PM
Subject: RE: [FW1] SecuRemote question
>
> Hiya,
>
> Just a quick note that it is important to check that all inbound traffic
is
> being allowed through to you internal client (Behind the cable modem) i.e.
> no filtering is occuring. Also ensure that the ISP is not doing address
> translation. If it is you will need to modify your firewall files to allow
> this a good resource for this sort of issue is phoneboy
> http://www.phoneboy.com
>
> http://www.phoneboy.com/fw1/faq/0141.html concerns NAT and Secure remote.
>
> Hope this helps
>
> Andy
>
> -----Original Message-----
> From: Emmanuel LUCAS [mailto:[EMAIL PROTECTED]]
> Sent: 06 July 2000 16:55
> To: Jim Brown
> Cc: [EMAIL PROTECTED]
> Subject: Re: [FW1] SecuRemote question
>
>
>
> As I said above on my first append, I have tried with 2 IP addresses in
> 195.x.x.x and the firewall log show me the good client IP address. So does
> it means that there is no address translation ?
>
> Cordially
>
> Emmanuel Lucas.
> ----- Original Message -----
> From: Jim Brown <[EMAIL PROTECTED]>
> To: 'Emmanuel LUCAS' <[EMAIL PROTECTED]>; Dallas Bishoff
> <[EMAIL PROTECTED]>
> Cc: <[EMAIL PROTECTED]>
> Sent: Thursday, July 06, 2000 5:23 PM
> Subject: RE: [FW1] SecuRemote question
>
>
> > You're problem is most likely tied to the probability that your cable
> modem
> > is performing some type of NAT on the client's IP address. Unless you
can
> > map those inbound UDP packets from the firewall to your client you will
> > never be successful using SecuRemote.
> >
> > There is probably no address translation on you RTC or ISDN connections.
> > Check the IP address of you client when it attached to each type of
> > connection and I would bet that it is a private or unroutable address
when
> > attached to the cable modem.
> >
> > -----Original Message-----
> > From: Emmanuel LUCAS [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, July 06, 2000 8:56 AM
> > To: Dallas Bishoff
> > Cc: [EMAIL PROTECTED]
> > Subject: Re: [FW1] SecuRemote question
> >
> >
> >
> > I am using SR Client build 4003 and my Firewall is v4.0 sp2 but It works
> > using RTC or ISDN line ! The problem comes with cable modem.
> >
> > Cordially
> >
> > Emmanuel Lucas.
> > ----- Original Message -----
> > From: Dallas Bishoff <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Thursday, July 06, 2000 4:26 PM
> > Subject: Re: [FW1] SecuRemote question
> >
> >
> > > Emmanuel:
> > >
> > > Two pssible causes...you are using SR Build 4118, or you have a
> mis-match
> > > with DES and 3DES on the firewall and client. Check to makes sure
that
> > both
> > > are either VPN or VPN+STRONG, and make sure the encryption settings
for
> > the
> > > connection are the same.
> > >
> > > There has been various problems reported with WIN98 and SR, so update
to
> > the
> > > newest version (at least 4153)
> > >
> > > Regards!!!
> > >
> > > Dallas N. Bishoff
> > > MCSE+I, MCT, CCA, ICE, CCSE,
> > > Nokia Security Engineer (NSA),
> > > RSA Certified SecurID Support Engineer
> > >
> > >
> > >
> > > From: Emmanuel LUCAS <[EMAIL PROTECTED]>
> > > To: [EMAIL PROTECTED]
> > > Subject: [FW1] SecuRemote question
> > > Date: Thu, 6 Jul 2000 15:46:55 +0200
> > >
> > >
> > > Hi,
> > >
> > > I have FW-1 installed on an NT box. I have an SeuRemote client
installed
> > on
> > > win98. When I connect to my Firewall using ISDN line or anologic modem
> all
> > > works fine (logon to NT domain, access network shared ressources and
> > > applications etc ...).
> > >
> > > Now I try to connect my FW using a cable modem. So I have configured a
> > > network adapter on my client.
> > > On my secuRemote client I can ping my FireWall. So I have defined my
> > > new site. All works fine I am asked to enter my userid and password to
> > > begin the encryption. The Firewall answer OK. From this moment, I
can't
> > > ping anymore my Firewall or my servers on the encryption domain
"request
> > > timeout".
> > > When I try to ping a server, I see on the Firewal logs a "keyInstall"
> line
> > > but nothing else
> > >
> > > I have seen lot of happends on the liste archive that talk about
address
> > > translation
> > > problem with cable modem providers and SecuRemote.
> > >
> > > So I have made a test. I have connected my SecuRemote client on the
same
> > hub
> > > than my FireWall juste behind my cable modem. My provider gave me 2 IP
> > > addresses. The same problem happends.
> > >
> > > On my FireWall log, I have:
> > >
> > > ///ACTION / SERVICE / SOURCE / DEST / PROTOCOL / RULE / S_PORT / USER
> ///
> > > ///Autocrypt / / securemote_IP_address / / ip
/
> > > 0 / / my_user_name ///
> > > ///KeyInstall / / securemote_IP_address / my_servers / ip
/
> > 0
> > > / / ///
> > >
> > > The securemote_IP_address is the good one so there is no address
> > > translation, isn't it ?
> > >
> > > Any idees ? Why it doesn't works ?
> > >
> > > Cordially
> > >
> > > Emmanuel Lucas.
> > >
> > >
> > >
> > >
> > >
> >
>
============================================================================
> > ====
> > > To unsubscribe from this mailing list, please see the
instructions
> > at
> > > http://www.checkpoint.com/services/mailing.html
> > >
> >
>
============================================================================
> > ====
> > >
> > >
________________________________________________________________________
> > > Get Your Private, Free E-mail from MSN Hotmail at
http://www.hotmail.com
> > >
> >
> >
> >
> >
>
============================================================================
> > ====
> > To unsubscribe from this mailing list, please see the instructions
at
> > http://www.checkpoint.com/services/mailing.html
> >
>
============================================================================
> > ====
>
>
>
>
============================================================================
> ====
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
>
============================================================================
> ====
> **********************************************************************
> This email and any files transmitted with it are confidential and
> intended solely for the use of the individual or entity to whom they
> are addressed. If you have received this email in error please notify
> the sender immediately.
>
> This footnote also confirms that this email message has been swept for
> the presence of computer viruses.
> **********************************************************************
>
>
>
============================================================================
====
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
>
============================================================================
====
============================================================================
====
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
============================================================================
====
**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the sender immediately.
This footnote also confirms that this email message has been swept for
the presence of computer viruses.
**********************************************************************
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
