Hi Mike
Yes please - I'd like to try the release stuff - although I am totally
flumoxed as to why this is affecting us now when the same setup worked a
couple of weeks ago !
Look forward to your fix.
Thanks
Tim Higgins
"Mike Anning"
<manning@europe To: [EMAIL PROTECTED]
.chep.com> cc:
[EMAIL PROTECTED],
[EMAIL PROTECTED]
26/07/00 12:51 Subject: Re: [FW1] Secure Remote and
WINS
Tim
We had the exact same problem with Win95 when we rolled SR... it got its
knickers in a twist when the NIC still had a DHCP assigned IP and would not
connect to the FW when connecting via Internet VPN.
I think it also affects Win98.
Any DHCP server worth its salt shouldn't give duplicate addresses and it
was my
understanding (please correct me if I a wrong) that the RFC (please don't
ask me
to quote which numbers:-) stated that the client should release the address
upon
shutdown.... hence the MS frig to force a release.
Why does a client need an IP address for 3 days?
We have ours down to 4 hours so they can move between sites and free
addresses
for others to use.
In summary, it shouldn't cause problems as the DHCP server should just
assign
the next available address when a client requests it and the chances are
that if
there are fewer clients likely to connect to the network than addresses in
the
pool, they will be assigned the same address again.
If you want to try the Win95 'ReleaseLeaseOnShutdown' thing, let me know.
Mike
[EMAIL PROTECTED] on 27/07/2000 13:30:38
To: Mike Anning/WEY/EU/CHEP@CHEP
cc: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: [FW1] Secure Remote and WINS
Hi
I think you are talking about a slightly different problem here.
Basically we have intermittent problems with SR clients (see start of
thread in this email) - they won't bring fwall login screen up.
On some a ping forces it but this is a bit naff anyway.
Now James has kindly suggested that (despite SR being bound to dialup only)
the dhcp address on the net card can affect SR if it is in the encryption
domain.
Sound kinda crazy but then again - it's Microsoft !
Anyway - back on to your stuff - it could be an approach for us but won't
your suggestion cause dhcp headaches - if PCs release address each time
they shutdown (rather than our standard 3-dayer) and cause IP duplicates
(which on MS dhcp is a pain in the *&* anyway) ?
Regards
Tim Higgins
"Mike Anning"
<manning@europe To: [EMAIL PROTECTED]
.chep.com> cc:
Subject: Re: [FW1] Secure
Remote
and WINS
26/07/00 12:01
Tim
I missed the beginning of this thread... is this a Windows 95 problem with
the
network adapter retaining the DHCP assigned IP address even though it is
shutdown cleanly?
If so you will need the Winsock 2 update, the vdhcp update and a registry
key
added to force 95 to release the IP on shutdown.
Let me know and I can send the necessary files to you.
HTH
Mike
[EMAIL PROTECTED] on 26/07/2000 12:53:02
To: James Oryszczyn <[EMAIL PROTECTED]>
cc: [EMAIL PROTECTED], [EMAIL PROTECTED]
(bcc:
Mike Anning/WEY/EU/CHEP)
Subject: Re: [FW1] Secure Remote and WINS
Yes - the PCs have a DHCP address when connecting directly into our network
and a DHCP address on the dialup adaptor when dialling into ISP.
We ONLY have SR bound to Dialup Adaptor - so how can this network card
affect us ? - if despite my information you still believe that it is
related to the network card's DHCP address, please could you confirm that
you are talking about:-
1. winipcfg
2. select network card
3. release all
4 reboot
???
Thanks
Tim Higgins
James
Oryszczyn To: [EMAIL PROTECTED]
<jamesory@meg cc:
sinet.net> Subject: Re: [FW1] Secure
Remote
and WINS
26/07/00
11:49
I have seen this problem when using dhcp. Do you use dhcp ? If you do
make sure that your address is released before you try secure remote.
The reason is if you have servers with an ipaddress that is also bond
to the network card secure remote will not start encrypting thinking it
is on the same network
jamesory
----- Original Message -----
From: [EMAIL PROTECTED]
Date: Wednesday, July 26, 2000 5:46 am
Subject: [FW1] Secure Remote and WINS
>
> Hi
>
> I still have intermittent problems with NT domain login from our
> Windows 95
> Secure Remote 4153 clients to our FW-1 4.0 SP4 (NT 4.0 SP4) firewall.
>
> Sometimes fw login screen does not appear at all.
>
> I have tried:-
>
> a. A full hosts files on the clients
>
> b. An lmhosts files with 1 entry:-
>
> ip_address_of_PDC<TAB>"PDC NETBIOS_NAME<SPACES padded out to 15 chars>
> \0x1b"<TAB>#PRE
>
> c. Entering INTERNAL IP address of our WINS into DUN settings
>
>
> This is really screwy - the existing setup sometimes works and
> sometimesnot (for no apparent, logical reason)- it appears
> particularly bad when
> trying to use a dialup ISP other than the one that provides our leased
> line. Occasionally I can force an authentication by pinging one of our
> internal IP addresses - but this doesn't always work and is not a
> realisticanswer anyway.
>
> Now - the only thing I haven't tried is:-
>
> Setting up NAT for our WINS and using the External IP address
> instead of
> the Internal IP address in the DUN WINS setting - naturally I'll
> have to
> also add a one-2 one route on the fwall from ext. ip to internal ip
>
> Before I try the above I'm looking for some comments.
>
> TIA
>
> Tim Higgins
>
>
>
>
#**********************************************************************
> This message is intended solely for the use of the individual
> or organisation to whom it is addressed. It may contain
> privileged or confidential information. If you have received
> this message in error, please notify the originator immediately.
> If you are not the intended recipient, you should not use,
> copy, alter, or disclose the contents of this message. All
> information or opinions expressed in this message and/or
> any attachments are those of the author and are not
> necessarily those of Hughes Network Systems Limited,
> including its European subsidiaries and affiliates. Hughes
> Network Systems Limited, including its European
> subsidiaries and affiliates accepts no responsibility for loss
> or damage arising from its use, including damage from virus.
>
#**********************************************************************
>
>
>
========================================================================
========
> To unsubscribe from this mailing list, please see the
> instructions at
> http://www.checkpoint.com/services/mailing.html
>
========================================================================
========
>
#**********************************************************************
This message is intended solely for the use of the individual
or organisation to whom it is addressed. It may contain
privileged or confidential information. If you have received
this message in error, please notify the originator immediately.
If you are not the intended recipient, you should not use,
copy, alter, or disclose the contents of this message. All
information or opinions expressed in this message and/or
any attachments are those of the author and are not
necessarily those of Hughes Network Systems Limited,
including its European subsidiaries and affiliates. Hughes
Network Systems Limited, including its European
subsidiaries and affiliates accepts no responsibility for loss
or damage arising from its use, including damage from virus.
#**********************************************************************
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
#**********************************************************************
This message is intended solely for the use of the individual
or organisation to whom it is addressed. It may contain
privileged or confidential information. If you have received
this message in error, please notify the originator immediately.
If you are not the intended recipient, you should not use,
copy, alter, or disclose the contents of this message. All
information or opinions expressed in this message and/or
any attachments are those of the author and are not
necessarily those of Hughes Network Systems Limited,
including its European subsidiaries and affiliates. Hughes
Network Systems Limited, including its European
subsidiaries and affiliates accepts no responsibility for loss
or damage arising from its use, including damage from virus.
#**********************************************************************
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
#**********************************************************************
This message is intended solely for the use of the individual
or organisation to whom it is addressed. It may contain
privileged or confidential information. If you have received
this message in error, please notify the originator immediately.
If you are not the intended recipient, you should not use,
copy, alter, or disclose the contents of this message. All
information or opinions expressed in this message and/or
any attachments are those of the author and are not
necessarily those of Hughes Network Systems Limited,
including its European subsidiaries and affiliates. Hughes
Network Systems Limited, including its European
subsidiaries and affiliates accepts no responsibility for loss
or damage arising from its use, including damage from virus.
#**********************************************************************
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
