Re:Securemote and W2k

[CSchellenberg]

We had this same problem.

2 things - you need SP2, and to use IKE as your encryption scheme.  As I
understand it, in the FWZ scheme, the source IP address is being encapsulated
within the packet.  As part of the unencapsulation process, the source address
of the actual packet is compared to the encapsulated source address.  If they
don't match, the packet is rejected.  I believe this is an anti-spoofing
security measure.

Please correct as required.

Thanks,

Conrad Schellenberg
[EMAIL PROTECTED]
Comark Inc.

Phone   (204) 633 1886 ext. 204
fax     (204) 694 9689


____________________Reply Separator____________________
Subject:    Securemote and W2k
Author: "ragu nandan" <[EMAIL PROTECTED]>
Date:       11/27/2000 8:44 PM

Hello
   
a)A user is using a laptop running VPN-1 Secure Remote
version 4.1 SP-2 3DES Build 4165 as a client and
Securemote server runs on CP 4.1, SP1. We use
Encapsulated FWZ as our encryption scheme.
b)My External Interface machine is a WIN 2K using two
nic cards.  External is 64.188.33.x and internal
addresses are 192.168.254.x.  The box uses the NAT
provided by WIN2K in the "Routing and Remote Access"
tool. Basically HIDE NAT.
c)I have my DNS point to my Company's external DNS
server and WINS as well
d)I have ports 259, 2746, and 500 routing to my laptop
at 192.168.254.22
e)I successfully create the site. If I ping or access
the company's webservers by http, the FW logon box
appears immediately and I am authenticated by RADIUS.
However nothing happens after that. The envelope in
the system tray will open/close as expected, but
nothing goes through.
 I did see in the phoneboy site as it is a known issue
(Securemote & NAT). The objects.C has been edited for
NAT connection as well. Any help will be appreciated.
Thx in advance.
Raghu




__________________________________________________
Do You Yahoo!?
Yahoo! Shopping - Thousands of Stores. Millions of Products.
http://shopping.yahoo.com/
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]


-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]