If the normal default gateway for hosts on your network is different from
the incoming gateway that your SecuRemote clients use, the connection will
fail because the return packets won't be going back out through the
firewall.
You can get around the problem of routing return SecuRemote packets through
the wrong gateway by hiding the source addresses of incoming SecuRemote
connections behind the firewall's internal address. That way, the internal
host's return packets will be directed to the firewall, which will then
forward them back to the original SecuRemote client address. The procedure
is described in the document at
http://support.checkpoint.com/kb/docs/public/securemote/4_0/pdf/srhide.pdf.
I tried it in a similar situation and it solved the problem you describe.
>From: "Kondisetty, Sudhir" <[EMAIL PROTECTED]>
>To: "'[EMAIL PROTECTED]'"
><[EMAIL PROTECTED]>
>Subject: [FW1] SecuRemote question
>Date: Tue, 31 Jul 2001 16:44:43 -0400
>
>
>Hi folks,
>
>It's my understanding that the "external" NIC on the firewall is the only
>one that responds to SecuRemote clients. Is this truly the case? My client
>has two Internet connections: One is for standard communication by users
>in-house. They would like to dedicate the second connection purely to VPN
>usage.
>
>Can this be done? If a secondary card is able to respond to SecuRemote
>clients, won't the returning data be routed through the default gateway? If
>the SecuRemote entry point is different, won't the connection fail? Plus, I
>thought that when you set the license for VPN-1 and Firewall-1 to the
>external NIC card, it is the only one that can respond to SecuRemote
>requests.
>
>Hopefully, this makes some sense. It's a heck of a lot easier to diagram than
>to explain in words! If anyone understands my question, please let me know
>what you think.
>
>Sudhir
>
>
>================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
>================================================================================
>
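
Added example, not part of the original messages or of Check Point's documentation: a small Python model of the return-path problem and the hide-NAT workaround described in the reply above. All addresses, ports and names are constructed for illustration, and the NAT table is a simplification, not FireWall-1's implementation.

```python
import ipaddress

# Constructed topology (assumed values, not taken from the thread).
FW_INTERNAL = ipaddress.ip_address("10.1.1.1")    # firewall's internal address
DEFAULT_GW = ipaddress.ip_address("10.1.1.254")   # hosts' normal default gateway
HOST = ipaddress.ip_address("10.1.1.50")          # internal server
CLIENT = ipaddress.ip_address("198.51.100.7")     # remote VPN client

# Internal host's routing table: (network, gateway); None means on-link.
HOST_ROUTES = [
    (ipaddress.ip_network("10.1.1.0/24"), None),
    (ipaddress.ip_network("0.0.0.0/0"), DEFAULT_GW),
]

def next_hop(routes, dst):
    """Longest-prefix match; an on-link destination is its own next hop."""
    net, gw = max(((n, g) for n, g in routes if dst in n),
                  key=lambda r: r[0].prefixlen)
    return gw if gw is not None else dst

class Firewall:
    def __init__(self, hide):
        self.hide = hide
        self.nat = {}  # translated source port -> (client address, client port)

    def inbound(self, src, sport, dst, dport):
        """Forward a decrypted client packet to the internal network."""
        if not self.hide:
            return (src, sport, dst, dport)
        nat_port = 10000 + len(self.nat)
        self.nat[nat_port] = (src, sport)
        return (FW_INTERNAL, nat_port, dst, dport)

    def outbound_reply(self, pkt):
        """Undo the hide translation on a reply addressed to the firewall."""
        src, sport, dst, dport = pkt
        if dst == FW_INTERNAL and dport in self.nat:
            c_addr, c_port = self.nat[dport]
            return (src, sport, c_addr, c_port)
        return pkt

def return_path(hide):
    """Return (host's next hop for the reply, packet the firewall sends on)."""
    fw = Firewall(hide)
    seen = fw.inbound(CLIENT, 40000, HOST, 80)
    reply = (seen[2], seen[3], seen[0], seen[1])  # host swaps src and dst
    hop = next_hop(HOST_ROUTES, reply[2])
    if hop != FW_INTERNAL:
        return hop, None  # reply bypasses the firewall, so the session fails
    return hop, fw.outbound_reply(reply)
```

Without hiding, the host's reply to the client address follows the default route to the other gateway; with hiding, the reply is addressed to the firewall's on-link internal address and is translated back to the client there.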