You are right; you do not have to use OM so long as you do not want to use Secure Client to make overlapping subnets work. I am not sure why the 'allowed range' shows 192.168.0.255 as the last ipaddr. Do you have any IP Pools configured? Have you included your external network as part of your encryption domain, or did you initially include it but have since taken it out? In both cases, ensure that the user deletes the site, kills SR, starts it all over again and recreates the site after making sure that the Internet (or your WAN) is not part of the encryption domain.

But let us say that, due to some unknown configuration or some quirky bug, you have got this 192.168.0.255 in the userc.C file and we are thinking that this is causing the issue. Can you guide your user to configure his IP as 192.168.70.1 or something like this, totally different from your subnets, and then try again?

Rajeev Gupta
Senior Network Engineer
MCI Managed Security Services

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Rajesh
Sent: Friday, February 04, 2005 7:42 PM
To: [email protected]
Subject: Re: [FW-1] SecuRemote/VPN problem

Hi Rk,

Thanks for your reply. Why should I use office mode? SecuRemote user's PC IP is 192.168.0.4, which is not part of the VPN domain. I've included only 192.168.1.0 and 192.168.6.0 in the VPN domain. So, it should be okay for 192.168.0.4, right? The SecuRemote userc.C file is confusing me a bit. What is this allowed range?

    :allowed_interface_ranges (
        : (210.89.128.141
            :allowed_range (
                : (
                    :type (machines_range)
                    :ipaddr_first (0.0.0.0)
                    :ipaddr_last (192.168.0.255)
                )

Thanks,
Rajesh.

Use officemode with secureclient. This will resolve your issue by using a virtual adapter at the client side with a choice of the IP given to you.

Regds,
RK

>>> [EMAIL PROTECTED] 2/4/2005 1:29:47 AM >>>

Hi all,

I am running Checkpoint Firewall NG AI on a Sun box (Solaris 8). I've configured VPN for SecuRemote users. Everything is working fine. We had some problems, like some of the SecuRemote users can't browse the Microsoft workgroup, can't log in to the Windows domain, etc. Later I configured a SecuRemote DNS server object and created the dnsinfo.C file. Now most of the users can browse the Microsoft workgroup shares and can log in to some of our Windows servers using \\192.168.1.11\share name.

But 2 users have cable modems at home. Their PC IP address is 192.168.0.x. In our company network we have two internal networks (192.168.1.0 and 192.168.6.0). These 2 cable modem users can't access these Microsoft workgroup shares or \\192.168.1.11\shares.

userC.c on all the SecuRemote client PC's/Laptops have:

    :gws (
        : (Frontline.proxy
            :obj (
                : (192.168.1.1)
            )
            :keymanager (
                :type (refobj)
                :refname ("#_Frontline")
            )
            :allowed_interface_ranges (
                : (210.x.x.x
                    :allowed_range (
                        : (
                            :type (machines_range)
                            :ipaddr_first (0.0.0.0)
                            :ipaddr_last (192.168.0.255)
                        )
                        : (
                            :type (machines_range)
                            :ipaddr_first (192.168.3.0)
                            :ipaddr_last (192.168.5.255)
                        )
                        : (
                            :type (machines_range)
                            :ipaddr_first (192.168.7.0)
                            :ipaddr_last (210.89.x.x)
                        )
                        : (
                            :type (machines_range)
                            :ipaddr_first (210.89.x.x)
                            :ipaddr_last (210.89.x.x)
                        )
                        : (
                            :type (host)
                            :ipaddr (210.89.x.x)
                        )
                        : (
                            :type (machines_range)
                            :ipaddr_first (210.89.x.x)
                            :ipaddr_last (255.255.255.255)
                        )
                    )
                    :is_ext (true)
                    :is_natted (false)
                )

I was wondering if the Firewall is assuming that these two cable modem users are coming from our Internal LAN and the FW is not applying VPN rules for these 2 users. Could someone please let me know what could be the reason?

Thanks,
Rajesh.

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
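
The range question raised in the thread can be checked mechanically. The following is an added example, not part of the original messages and not Check Point code: it parses the two fully specified machines_range entries quoted above (the masked 210.89.x.x entries are left out), reports which listed range contains a client address, and lists the addresses that fall between the listed ranges. The function names are hypothetical, and the script makes no claim about how SecuRemote itself interprets allowed_range.

```python
import ipaddress
import re

# Constructed sample: the fully specified allowed_range entries quoted in the
# thread; entries whose addresses are masked (210.89.x.x) are omitted.
USERC_FRAGMENT = """
:allowed_range (
    : (
        :type (machines_range)
        :ipaddr_first (0.0.0.0)
        :ipaddr_last (192.168.0.255)
    )
    : (
        :type (machines_range)
        :ipaddr_first (192.168.3.0)
        :ipaddr_last (192.168.5.255)
    )
)
"""

RANGE_RE = re.compile(r":ipaddr_first\s*\(([\d.]+)\)\s*:ipaddr_last\s*\(([\d.]+)\)")

def parse_ranges(text):
    """Return sorted (first, last) IPv4Address pairs from machines_range entries."""
    pairs = [(ipaddress.IPv4Address(a), ipaddress.IPv4Address(b))
             for a, b in RANGE_RE.findall(text)]
    if any(first > last for first, last in pairs):
        raise ValueError("ipaddr_first is greater than ipaddr_last")
    return sorted(pairs)

def covering_range(ip, ranges):
    """Return the (first, last) pair that contains ip, or None."""
    addr = ipaddress.IPv4Address(ip)
    return next(((f, l) for f, l in ranges if f <= addr <= l), None)

def gaps_between(ranges):
    """Return address spans lying between the listed ranges (overlap-safe)."""
    gaps, covered_to = [], None
    for first, last in ranges:
        if covered_to is not None and int(first) > int(covered_to) + 1:
            gaps.append((covered_to + 1, first - 1))
        covered_to = last if covered_to is None else max(covered_to, last)
    return gaps

if __name__ == "__main__":
    ranges = parse_ranges(USERC_FRAGMENT)
    print("192.168.0.4  ->", covering_range("192.168.0.4", ranges))
    print("192.168.1.11 ->", covering_range("192.168.1.11", ranges))
    print("gaps:", gaps_between(ranges))
```

Run against a full, unmasked userc.C, the gap list can be compared directly with the networks configured in the VPN domain.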
