Hi,
At the moment you need to separate the SNX service and the portal service. By default this is done using 2 ports on the same IP (443 and 444). What you can do is use 2 IPs and the same port on 2 different IPs.
Cheers
Reinhard
At 05:08 30.12.2005, you wrote:
Thanks to Reinhard, I can connect to my Connectra, via port redirect, which sits on my DMZ network behind a Cisco IOS router running the firewall feature set. I can connect to the device via SNX mode fine and everything is working great. However, as a beginner with this device, I have the following questions that I need help with from gurus in this forum:

1) I would like to tunnel everything, including SNX, via TCP port 443. Currently, SNX is using the default port of TCP 444. I can accomplish this using a secondary IP address on the primary NIC. My current IP address of the Connectra is 192.168.15.104 and I am thinking of using 192.168.15.103 for the secondary IP address of SNX. However, because this is my home network and I only have 1 public IP and that IP is being used by the Cisco IOS router/firewall, I can redirect port 443 from the router to the Connectra primary IP but I don't think I can redirect another TCP 443 from the router to the secondary IP address of the Connectra. Is there a workaround for this with only 1 public IP? Does it mean that if I want to use TCP 443 for both portal and SNX, it is not possible with port redirect? This is what I have in my Cisco router configuration:

ip nat inside source static tcp 192.168.15.104 443 interface FastEthernet0/0 443
ip nat inside source static tcp 192.168.15.104 444 interface FastEthernet0/0 444

As you can see, I can NOT NAT port 443 on the router to a different internal address. How can I get everything to work via TCP port 443?

2) When using SNX network mode, the SNX extender client is installed on the local machine. Sometimes, it is not possible because the local does not have privilege to do so. The solution is to use Application mode (aka Java download). When I create a network application, I specifically specify "this application CAN be used with SSL Network Extender Application Mode". However, after successfully authenticating to Connectra, I can NOT access any resources via Connectra. What other settings am I missing? Please help.

TIA
cisco4ng
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
--
Reinhard Stich ASSIST [EMAIL PROTECTED]
Internet Security AG, 1150 Wien, Johnstrasse 29
Tel: +43 1 3709440 RS784-RIPE Fax: +43 1 3709440-333