Ok,
I just read sp2 release notes and found the setting:
:resolve_multiple_interfaces (true)
However I do not know where to put this setting exactly. What is meant by
the gateway object? I tried putting it on different places however none of
them forced SecuRemote to connect to different FW interfaces.
Cheers,
Josef
> -----Original Message-----
> From: CryptoTech [SMTP:[EMAIL PROTECTED]]
> Sent: Monday, February 19, 2001 3:54 PM
> To: Hartmann, Josef
> Cc: 'Larry Pingree'; [EMAIL PROTECTED];
> [EMAIL PROTECTED]
> Subject: Re: [FW1] SecuRemote connects to which fw interface (again)?
>
>
> Please read the release notes for SP2. You cannot download topology from
> the other
> ip addresses, but once the topology exists on the client, he can establish
> a vpn to
> any of the firewall's interfaces that he can see.
>
> Cheers,
> CryptoTech
>
> "Hartmann, Josef" wrote:
>
> > Thinking about this effect, means that it is only possible to establish
> a
> > VPN connection only to one firewall interface?!?
> >
> > How do I get access to Checkpoint's Support center?
> >
> > > -----Original Message-----
> > > From: Larry Pingree [SMTP:[EMAIL PROTECTED]]
> > > Sent: Thursday, February 15, 2001 8:51 PM
> > > To: Hartmann, Josef; [EMAIL PROTECTED];
> > > [EMAIL PROTECTED]
> > > Subject: Re: [FW1] SecuRemote connects to which fw interface
> (again)?
> > >
> > > I believe the answer would be yes. The IP address in the general tab
> is
> > > used
> > > to build the topology download, and this is the IP address to which
> > > securemote will connect to.
> > >
> > > I do agree that Check Point "should" use the closest interface to the
> > > securemote client, but this is not the case thus far.
> > >
> > > Maybe you could submit a bug to Check Point's Support center?
> > >
> > >
> > > -=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-
> > > Larry Pingree
> > > Sr. Security Consultant
> > > Email: [EMAIL PROTECTED]
> > >
> > > SiegeWorks
> > > Company WebSite: http://www.siegeworks.com/
> > > Security Installation, Training and Consulting
> > > -=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-
> > > ----- Original Message -----
> > > From: Hartmann, Josef <[EMAIL PROTECTED]>
> > > To: <[EMAIL PROTECTED]>;
> <[EMAIL PROTECTED]>
> > > Sent: Thursday, February 15, 2001 1:23 AM
> > > Subject: [FW1] SecuRemote connects to which fw interface (again)?
> > >
> > >
> > > >
> > > >
> > > > Hi,
> > > >
> > > >
> > > > I am running a fw with quite a few interfaces. Now I would like to
> setup
> > > a
> > > > VPN. After some troubles userc.C is now loaded, however SecuRemote
> does
> > > > connect to the primary interface of the firewall not to the
> interface
> > > which
> > > > the client has access to.
> > > >
> > > > Unfortunately userc.C is encrypted. Setting the appropriate
> parameter in
> > > > userc.C to false or removing it did not help me.
> > > >
> > > > A small figure to illustrate this:
> > > >
> > > > Network C
> > > >
> > > > |
> > > > |
> > > > _______________
> > > > | |
> > > > network A -----------| FW |-----------------
> Network
> > > B
> > > > --------- VPN Client
> > > > this IP address is | |
> > > > set the one of the | |
> > > > FW object. --------------------------
> > > > |
> > > > |
> > > > Network D
> > > >
> > > > As you can see the Gateway address of the SecuRemote Client should
> be
> > > > interface B however, after the Topo downloaded forces the VPN Client
> to
> > > use
> > > > interface A as gateway but that's silly, isn't? Do I have to use
> > > Interface
> > > B
> > > > as the "primary" (the IP Address given in the general tap of the
> > > workstation
> > > > properties of the firewall object) interface of the firewall object?
> > > >
> > > >
> > > >
> > > >
> > > > Any hints?
> > > >
> > > >
> > > > Cheers,
> > > >
> > > > Josef
> > > >
> > > >
> > > >
> > >
> ==========================================================================
> > > ==
> > > ====
> > > > To unsubscribe from this mailing list, please see the
> instructions
> > > at
> > > > http://www.checkpoint.com/services/mailing.html
> > > >
> > >
> ==========================================================================
> > > ==
> > > ====
> > > >
> >
> >
> ==========================================================================
> ======
> > To unsubscribe from this mailing list, please see the instructions
> at
> > http://www.checkpoint.com/services/mailing.html
> >
> ==========================================================================
> ======
> >
> > ________________________________________________________________________
> > This message has been checked for all known viruses, by Star Internet,
> > delivered through the MessageLabs Virus Control Centre.
> > For further information visit:
> > http://www.star.net.uk/stats.asp
> >
> >
> ==========================================================================
> ======
> > To unsubscribe from this mailing list, please see the instructions
> at
> > http://www.checkpoint.com/services/mailing.html
> >
> ==========================================================================
> ======
>
>
>
> ==========================================================================
> ======
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ==========================================================================
> ======
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
