OS is XP and Secure Client versions have been from the FP3 to R56. Currently I use R56.
Jeremy Lieb CCNA CCSA-NG CCSE-NG Firewall Administrator Open Text Corporation 847-267-9330 ext 4395 -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Ray Sent: Friday, September 24, 2004 10:10 PM To: [EMAIL PROTECTED] Subject: Re: [FW-1] Another.....Another..... Another NAT question (SecuRemote) And what version of SecureClient and what OS on the client? Ray >From: Jeremy Lieb <[EMAIL PROTECTED]> >Reply-To: Mailing list for discussion of Firewall-1 ><[EMAIL PROTECTED]> >To: [EMAIL PROTECTED] >Subject: Re: [FW-1] Another.....Another..... Another NAT question >(SecuRemote) >Date: Fri, 24 Sep 2004 21:06:11 -0400 > >Maybe you and I can have a small discussion on this Office Mode setup. >We have never been able to get Secure Client working in a situation >where the address being connected from matches an Encryption domain >address. We use Office Mode and Secure Client. Office Mode addresses are >given out by a separate DHCP server and the range falls outside the >internal LAN. On the firewalls themselves the Office Mode Pool is routed >to the external interface of the firewall. What happens when a >connection is attempted is essentially a Gateway Not Responding error >and nothing at all shows up in the Smartview Tracker. Any ideas on this? >For background we are running a clustered firewall NG AI 54 as well as >several internal firewalls anywhere between FP3 and R55. Management is >R55 and all of the firewalls plus management are running either on Red >Hat 7.3 or RHEL3.0. Everything is currently in Traditional Mode. From a >SW Monitor it actually appears that my external address is trying to >talk to the internal address of the firewall when I have an address that >conflicts with the Encnet. Any ideas would be great. > >Thanks > >Jeremy Lieb CCNA CCSA-NG CCSE-NG >Firewall Administrator >Open Text Corporation >847-267-9330 ext 4395 >-----Original Message----- >From: Mailing list for discussion of Firewall-1 >[mailto:[EMAIL PROTECTED] On Behalf Of Ray >Sent: Friday, September 24, 2004 7:26 PM >To: [EMAIL PROTECTED] >Subject: Re: [FW-1] Another.....Another..... Another NAT question >(SecuRemote) > >You actually can use any IP range you want for the Office Mode IP Pool >as >long as it's routable from any internal location to the internal >interface >of the gateway. A simple traceroute will confirm your routing. The >Office >Mode IPs are never exposed on the Internet. > >Since NG AI, you can have the Office Mode IP Pool in your encryption >domain. >We do. It allows SecureClient-to-SecureClient connections (think VoIP or >NetMeeting). > >Ray > > >From: Jean-Francois Gobin <[EMAIL PROTECTED]> > >Reply-To: Mailing list for discussion of Firewall-1 > ><[EMAIL PROTECTED]> > >To: [EMAIL PROTECTED] > >Subject: Re: [FW-1] Another.....Another..... Another NAT question > >(SecuRemote) > >Date: Fri, 24 Sep 2004 20:54:06 +0200 > > > >Yes, it can solve it. Just allocate a small part of the 192.168.1.x >(for > >ex. 150->160) and exclude it from the DHCP or from the static >addressing, > >and just set up arp proxy in the FW for those IP. > > > >JF > > > >On Fri, 24 Sep 2004, Peter G. Viscarola wrote: > > > >>> > >>>Another advantage of SecureClient is that it has Office Mode, > >>>where you can assign a specific network to remote users. > >>> > >> > >>WOW! (sorry, I'm a bit late to the discussion) > >> > >>Can somebody, ANYbody, confirm that Office Mode actually does solve >the > >>original poster's problem (of being to access the private lan via VPN > >>from the Hotel in the following setup): > >> > >>Hotel Subnet A (192.168.1.xxx) --> internet --> FW --> Private > >>Lan(192.168.1.xxx) > >> > >>We've been "just living with" the problem of traveling and being at a > >>hotel that conicidentally uses the same subnet address as our private > >>lan. Because SecuRemote thinks you're within the encryption domain, >it > >>doesn't encrypt or authenticate (and thus no VPN access). > >> > >>We've just upgraded from V4.1 to NG AI R55, and I've got our users >still > >>on Secure Remote for now. I've gotten Secure Client running with >Office > >>Mode and Visitor Mode (and all the other attendant goodies like IP > >>compression) running for test purposes... But didn't realize it would > >>solve the above problem. > >> > >>Can somebody please confirm that they actually seen Office Mode solve > >>this problem? If so, I'll be soooo totally thrilled and I'll be an > >>instant hero, > >> > >>Peter > >>OSR > >> > >>================================================= > >>To set vacation, Out-Of-Office, or away messages, > >>send an email to [EMAIL PROTECTED] > >>in the BODY of the email add: > >>set fw-1-mailinglist nomail > >>================================================= > >>To unsubscribe from this mailing list, > >>please see the instructions at > >>http://www.checkpoint.com/services/mailing.html > >>================================================= > >>If you have any questions on how to change your > >>subscription options, email > >>[EMAIL PROTECTED] > >>================================================= > >> > > > >---------- > >Jean-Francois Gobin - Administrateur gobinjf.be > >http://www.gobinjf.be mailto:[EMAIL PROTECTED] > > > >================================================= > >To set vacation, Out-Of-Office, or away messages, > >send an email to [EMAIL PROTECTED] > >in the BODY of the email add: > >set fw-1-mailinglist nomail > >================================================= > >To unsubscribe from this mailing list, > >please see the instructions at > >http://www.checkpoint.com/services/mailing.html > >================================================= > >If you have any questions on how to change your > >subscription options, email > >[EMAIL PROTECTED] > >================================================= > >_________________________________________________________________ >Is your PC infected? Get a FREE online computer virus scan from >McAfee(r) >Security. http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963 > >================================================= >To set vacation, Out-Of-Office, or away messages, >send an email to [EMAIL PROTECTED] >in the BODY of the email add: >set fw-1-mailinglist nomail >================================================= >To unsubscribe from this mailing list, >please see the instructions at >http://www.checkpoint.com/services/mailing.html >================================================= >If you have any questions on how to change your >subscription options, email >[EMAIL PROTECTED] >================================================= > >================================================= >To set vacation, Out-Of-Office, or away messages, >send an email to [EMAIL PROTECTED] >in the BODY of the email add: >set fw-1-mailinglist nomail >================================================= >To unsubscribe from this mailing list, >please see the instructions at >http://www.checkpoint.com/services/mailing.html >================================================= >If you have any questions on how to change your >subscription options, email >[EMAIL PROTECTED] >================================================= _________________________________________________________________ FREE pop-up blocking with the new MSN Toolbar - get it now! http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/ ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
