Re: [FW1] Problems with ICA-client, Securemote and NAT.

dgrabowski Wed, 20 Dec 2000 11:37:04 -0800


Your clients may be trying to connect to the alternate address of your
citrix box, instead of the private address.

Dave Grabowski
System Arts, Inc.
(212) 604-9015 x316
[EMAIL PROTECTED]


                                                                                       
                                
                    [EMAIL PROTECTED]                                                        
                                
                    Sent by:                                    To:     
[EMAIL PROTECTED]       
                    [EMAIL PROTECTED]        cc:                    
                                
                    kpoint.com                                  Subject:     [FW1] 
Problems with ICA-client,           
                                                                Securemote and NAT.    
                                
                                                                                       
                                
                    12/20/2000 10:20 AM                                                
                                
                                                                                       
                                
                                                                                       
                                





Hi all,

I need some expert help on this.

Nokia Ipso 3.2.1 with FW-1 v 4.1 SP.2

I have a configuration where I want securemote users to acces my internal
Citrix server. The Citrix server has a static address translation. When I
connect to the Citrix-server without using securemote, everything works
fine so the static routing and proxy arp must be configured correctly.

When I use the securemote client I can't get through to the server. I can
see in the logviewer that I get an Authcrypt, a Key Install and then a
decrypt. Source and Destination are the external addresses. In Xlatedest.
it is the correct internal adresses. The problem is that I can't see any
return traffic from my citrix server to the securemote client in the
logfile.'
But when I use tcpdump on the fw internal interface, I can see the clients
external address try to connect to the citrix server internal address, and
that the citrix server tries to respond to the external client IP-address.
Is this correct, and if it is, why can't I see it in the logfile ??

I have included the citrix server external address in the encryption
domain. I have also tried to disable anti_spoofing, with no luck.

My securemote rule is after the stealth rule. Has that anything to say ??

Thanks for your help...-


Christian H. Jensen


..................................................................................



eSec A/S - Managed Security

http://www.esec.dk
Telefon: +45 7020 5585
Direkte:  +45 4450 2073
Mobil:     +45 20192510
..................................................................................







================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================
Re: [FW1] Problems with ICA-client, Securemote and NAT.

Reply via email to
