Thanks to Reinhard, I can connect to my Connectra, via port redirect, which sits on my DMZ network behind a Cisco IOS router running the firewall feature set. I can connect to the device via SNX mode fine and everything is working great.
However, as a beginner with this device, I have the following questions that I need help with from the gurus in this forum:
1) I would like to tunnel everything, including SNX, via TCP port 443. Currently, SNX is using the default port of TCP 444. I can accomplish this using a secondary IP address on the primary NIC. My current IP address for the Connectra is 192.168.15.104 and I am thinking of using 192.168.15.103 for the secondary IP address of SNX. However, because this is my home network and I only have 1 public IP and that IP is being used by the Cisco IOS router/firewall, I can redirect port 443 from the router to the Connectra primary IP but I don't think I can redirect another TCP 443 from the router to the secondary IP address of the Connectra. Is there a workaround for this with only 1 public IP? Does it mean that if I want to use TCP 443 for both portal and SNX, it is not possible with port redirect? This is what I have in my Cisco router configuration:
ip nat inside source static tcp 192.168.15.104 443 interface FastEthernet0/0 443
ip nat inside source static tcp 192.168.15.104 444 interface FastEthernet0/0 444
As you can see, I can NOT NAT port 443 on the router to a different internal address. How can I get everything to work via TCP port 443?
2) When using SNX network mode, the SNX extender client is installed on the local machine. Sometimes that is not possible because the local user does not have the privilege to do so. The solution is to use Application mode (aka Java download). When I create a network application, I specifically specify "this application CAN be used with SSL Network Extender Application Mode". However, after successfully authenticating to Connectra, I can NOT access any resources via Connectra. What other settings am I missing? Please help.
TIA
cisco4ng