In SecuRemote you can not have the same subnets remote as you have in the encryption domain. Advise the users to change the addressing schema at home or use secureclient (which overcome such limitation).
regards,
Stefan
Am 04.02.2005 um 07:29 schrieb Rajesh:
Hi all,
I am running Checkpoint Firewall NG AI running on a Sun box (solaris 8). I've configured VPN for SecuRemote users. Everything is working fine. We had some problems like some of the SecuRemote users can't browse the Microsoft workgroup, can't login to windows domain etc. Later I configured SecuRemote DNS server object and created dnsinfo.C file.
Now most of the users can browse the Microsoft workgroup shares and can login to some of our windows servers using \\192.168.1.11\share name. But 2 users have cable modems at home. Their PC IP address is 192.168.0.x. In our company network we have two internal networks (192.168.1.0 and 192.168.6.0). There 2 cable modem users can't access these Microsoft workgroup shares or \\192.168.1.11\shares.
userC.c on all the SecuRemote client PC's/Laptops have:
:gws ( : (Frontline.proxy :obj ( : (192.168.1.1) ) :keymanager ( :type (refobj) :refname ("#_Frontline") ) :allowed_interface_ranges ( : (210.x.x.x :allowed_range ( : ( :type (machines_range) :ipaddr_first (0.0.0.0) :ipaddr_last (192.168.0.255) ) : ( :type (machines_range) :ipaddr_first (192.168.3.0) :ipaddr_last (192.168.5.255) ) : ( :type (machines_range) :ipaddr_first (192.168.7.0) :ipaddr_last (210.89.x.x) ) : ( :type (machines_range) :ipaddr_first (210.89.x.x) :ipaddr_last (210.89.x.x) ) : ( :type (host) :ipaddr (210.89.x.x) ) : ( :type (machines_range) :ipaddr_first (210.89.x.x) :ipaddr_last (255.255.255.255) ) ) :is_ext (true) :is_natted (false) )
I was wondering if the Firewall is assuming that these two cable modem users are coming from our Internal Lan and FW is not applying VPN rules for these 2 users.
Could someone please let me know what could be the reason?
Thanks, Rajesh.
================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
