Let me start over with this:
I am trying to get Secure Client working.
I've set up a webserver on a DMZ that is statically natted to a real address
on the Internet.
I have two rules:
    SecureClientUsers@Any Firewall FW1_pslogon ClientEncrypt Long
    SecureClientUsers@Any WebServer http ClientEncrypt Long
When I try to browse the webserver from an address on the Internet,
authentication occurs and I get the following in the log:
    decrypt http Internetaddress Webserver(Real address)
    drop http Internetaddress Webserver(Private address)
    decrypt FW1_pslogon Internetaddress Firewall(ExternalInterface)
    drop http Internetaddress Webserver(Private address)
    drop http Internetaddress Webserver(Private address)
    drop http Internetaddress Webserver(Private address)
What am I missing?
Configuration details:
I'm running the fw and manager on the same box at 4.1 Build 41716 [VPN +
DE].
The Policy Server is defined to be this box.
The Secure Client is running on an NT 4.0 box with build 4157.
GUI is version 4.1 Build 41710.
Properties:
'Respond to Unauthenticated Topology Requests' is checked.
'Desktop Does Not Invalidate' is checked.
'Allow All'
All of the boxes under 'Desktop Configuration Verification Options' are
checked.
The firewall object has FWZ checked with Key Manager and DH Key generated
and Encapsulation checked. Exportable for Secure Remote is checked.
The encryption domain is defined as two networks that include the real
addresses and the private addresses of static natted addresses.