** High Priority **
Yes all of them defined properly and the other 7 users also connect that host.
[EMAIL PROTECTED] 26.07.2004 16:31:55
Are all the subnets defined properly for you VPN domain? Could it be the 2 subnets you
can get to fine are directly attached to the firewall, while the
** High Priority **
Yes all of them uses Win98 and we are using to an IP address, not DNS name. And the
user has connecting the internet by dialup modem, so he has not any internal network :(
[EMAIL PROTECTED] 26.07.2004 17:07:28
Are the operating systems all the same on each computer? Are
If anyone could let me know what we did wrong, I'd appreciate it.
We have a Windows 2000 Server(SP4) with checkpoint firewall-NG(FP3)
running a DMZ (about a dozen real IP's) and an internal NAT'd LAN
(172.16.x.x).
We have a web server in our internal LAN (172.16.2.77). We want to open
up outside
Gary,
It seems that the error message Clients configuration is not
verified is
suggesting that rather than passing or failing the checks,
the checks aren't
even taking place in the first place!!!, why would that be ??
[snip local.scv]
in you local.scv you don't realy check anything
The
Previous employer had a VPN connection to the US which went down twice
in 3 years - (this was version 4.0 on NT4 ) due to key problems. In
terms of performance they also replaced a Framerelay Leased line network
with a VPN runnign over the same size local tails there was no
noticable change in
I would disable the route you created an instead use some kind of static nat
=
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
I saw a similar case where the Win98 laptop formerly was in the same subnet
with the desired target host. the Win98 box still had an IP (which it has
got formerly via dhcp) on the nic, so it tried to route all pakets
unencryted to this host. Have a look at winipcfg on the appropriate adapter
and
Do you have the latest patches for Solaris installed? It saw a similar error
which disappaered after patching Solaris up to date...
=
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
The original message was included as attachment
=
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=
To
I'm having problems with Securemote on a firewall running R55 hf04.
Users on DSL, Cable modem, and dialup lines cannot create new site
information and make connections. The connection attempt just times out
after a few minutes.
Users who come across a T-1 line have no problem creating a site
** High Priority **
Unfurnately thic pc has no IP address (standalone pc), i have looked at
ipconfig /all and with route print command. But there is no clue about
this problem.
[EMAIL PROTECTED] 27.07.2004 11:54:50
I saw a similar case where the Win98 laptop formerly was in the same
subnet
You haven't mentioned anything about creating a NAT for this object. If the
packets get to your server looking for the REAL destination address, your
server is going to drop them with the assumption they are for someone else.
Whether you leave the routing statement in or not depends on whether
It doesn't work for me. I installed the patch 106531-34.
Thanks,
Juan
- Original Message -
From: Steck, Steffen M. [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, July 27, 2004 6:00 AM
Subject: Re: [FW-1] Problem with FW 4.1 SP6 on Solaris 2.7
Do you have the latest patches for
create the node object with the 172 address of your internal network,
click on translation tab set it to static and then put your 228 address
there
- Original Message -
From: Darren Grant [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, July 27, 2004 1:21 AM
Subject: [FW-1] Routing
I think this deals with the LOCAL.ARP file I use to have to manually add
the MAC address and the IP address to. When I upgraded to NG AI it would
modify this file automagically if you use Add Auto address translation
rules for the server object.
John
IPSecuritas from www.lobotomo.com worked great including being able to
authenticate via digital certificate and the instructions in the on line
help of the product are spot on.
-Original Message-
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of Tom
Ok, I got a tough one...I'm trying to setup a VPN community (star) with
IP30's as satellites and an R55 Cluster as the hub. The problem is that
the IP30's need to be configured as dynamic addresses. I can get it to
work just fine with static, but as soon as I switch the IP30 object
properties to
If it's central management you want, I have a document that I've been
passing around this forum. It explains how to set up centrally managed
embedded devices. If you want it, send me an email and let me know.
-Original Message-
From: Mailing list for discussion of Firewall-1
Thanks for everyone's help... really appreciate it. It's up and running
now.
My mistake... I had created an object for the real IP... and then
statically NAT'd it to the fake LAN IP. When I reversed this and
removed my manually entered route (route add -p x.x.x.228
172.16.2.77)... and installed
Do you see IKE traffic arriving at all? I would dump on my external
interface on the firewall and see what is arriving. If you see nothing
arriving, it is an issue with the client pc/network. You should see at
least the initial IKE connections happening.
Matt
-Original Message-
From:
Hi,
Yes, you can.
You can define a third party vpn device as Interoperable Device.
And it can add to the VPN Community.
You don't have to use the Traditional mode rule base.
Hope it helpful.
Hiroshi
On Tue, 27 Jul 2004 16:36:15 -0300, Romulo de Almeida Gen Neto
[EMAIL PROTECTED] wrote:
Hi,
I have
Hi Gary,
It is odd because you have :block_connections_on_unverified (false) which
should allow computers with failed SCVchecks to continue to connect. The
topology update issue is a valid one. I have mine set for an hour just so I
can make local.scv changes and have them propogated no more than
Yes, NT does the same thing. If there is a NIC installed in the computer, it
holds the DHCP IP address somewhere in the registry through a reboot or
power cycle even if the NIC is now at home and no longer in the office. I
don't think it shows up in WNTIPCFG or ipconfig /all, though.
We worked
23 matches
Mail list logo
