Thomas,
Outside users are coming over the Internet using SecuRemote to access
a Web Server on the inside of our network.
All SecuRemote clients are utilizing WINS and DNS on the inside of
our network, but they can get to Internet sites also.
Bob
>From: [EMAIL PROTECTED]
>To: [EMAIL PROTECTED]
>CC: [EMAIL PROTECTED]
>Subject: RE: [FW1] VPN-1 SP2 & SecuRemote Version 4115
>Date: Thu, 28 Sep 2000 12:22:22 -0400
>
>Is this via Securemote or internal access going through the firewall?
>
>Have you utilized the split dns document at www.checkpoint.com/~joe ?
>
>If you are speaking about getting from your internal site (10.x.x.x or
>equivalent) and lets say you have a web server on your external side thats
>200.200.200.200 which is also natted to 10.1.1.2
>
>If you use NetBIOS resolution, you get to the server with an internal IP
>address.
>
>If you try to get to the actual host, www.yourserver.com which is located
>at
>200.200.200.200, there will be a problem.
>
>This is because the firewall always assumes it is between a host and a end
>server).
>
>It has to do with routing and NAT.
>
>The short answer is that you should have an internal dns for your internal
>hosts, and an external dns to resolve outside. Hopefully you don't
>currently
>have wins being dumped into dns, and external users can resolve EVERY host.
>
>Phoneboy has a write-up on this:
>
>Write back if you have any issues.
>
>
>-----Original Message-----
>From: Bob Bisignani [mailto:[EMAIL PROTECTED]]
>Sent: Thursday, September 28, 2000 12:06 PM
>To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
>Subject: RE: [FW1] VPN-1 SP2 & SecuRemote Version 4115
>
>
>Thomas,
> We had problems with DNS not working, e.g., I could get to a web
>server (Intranet site) if I used the netbios name (wins may have been
>working) but not when using the CNAME (DNS name).
>
> Thanks for your help and response.
>
>Bob
>
>
> >From: [EMAIL PROTECTED]
> >To: [EMAIL PROTECTED]
> >Subject: RE: [FW1] VPN-1 SP2 & SecuRemote Version 4115
> >Date: Thu, 28 Sep 2000 08:51:26 -0400
> >
> >I've found that even 4005 with fwz is ok. I;ve seen more issues with IKE.
> >
> >Thomas
> >
> >-----Original Message-----
> >From: Bob Bisignani [mailto:[EMAIL PROTECTED]]
> >Sent: Wednesday, September 27, 2000 10:21 PM
> >To: [EMAIL PROTECTED]
> >Subject: [FW1] VPN-1 SP2 & SecuRemote Version 4115
> >
> >
> >
> > Has anyone upgraded to version 4.1 SP2 on VPN-1 while still using
>the
> >old client 4115 using FWZ?
> >
> > Thanks
> >
> >Bob
> >_________________________________________________________________________
> >Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
> >
> >Share information about yourself, create your own public profile at
> >http://profiles.msn.com.
> >
> >
> >
> >===========================================================================
>=
> >====
> > To unsubscribe from this mailing list, please see the instructions
>at
> > http://www.checkpoint.com/services/mailing.html
> >===========================================================================
>=
> >====
>
>_________________________________________________________________________
>Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
>
>Share information about yourself, create your own public profile at
>http://profiles.msn.com.
>
>
><< FireWall-1_FAQ-_Can_t_Talk_to_Translated_IP_from_Internal_Net.url >>
>================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
>================================================================================
_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
Share information about yourself, create your own public profile at
http://profiles.msn.com.
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
