Hi Reinhard,

That's exactly what I am talking about. If I use the primary IP address for my portal service (192.168.15.104) and the secondary IP address for my SNX service (192.168.15.103) and they both use TCP port 443, does it mean that I need two public IP addresses to static NAT these to make it work? Is it possible with port redirect with just a single IP and both portal and SNX service to use TCP port 443?

About the second point, how do I get it to work in application mode? Can you show me how? Thanks.

TIA

Reinhard Stich <[EMAIL PROTECTED]> wrote:

Hi,

At the moment you need to separate the SNX service and the portal service. By default this is done using 2 ports on the same IP (443 and 444). What you can do is to use 2 IPs and the same port on 2 different IPs.

Cheers,
Reinhard

At 05:08 30.12.2005, you wrote:

> Thanks to Reinhard, I can connect to my Connectra, via port redirect, which sits on my DMZ network behind a Cisco IOS router running the firewall feature set. I can connect to the device via SNX mode fine and everything is working great.
>
> However, as a beginner with this device, I have the following questions that I need help with from gurus in this forum:
>
> 1) I would like to tunnel everything, including SNX, via TCP port 443. Currently, SNX is using the default port of TCP 444. I can accomplish this using a secondary IP address on the primary NIC. My current IP address of the Connectra is 192.168.15.104 and I am thinking of using 192.168.15.103 for the secondary IP address of SNX. However, because this is my home network and I only have 1 public IP and that IP is being used by the Cisco IOS router/firewall, I can redirect port 443 from the router to the Connectra primary IP but I don't think I can redirect another TCP 443 from the router to the secondary IP address of the Connectra. Is there a workaround for this with only 1 public IP? Does it mean that if I want to use TCP 443 for both portal and SNX, it is not possible with port redirect? This is what I have on my Cisco router configuration:
>
> ip nat inside source static tcp 192.168.15.104 443 interface FastEthernet0/0 443
> ip nat inside source static tcp 192.168.15.104 444 interface FastEthernet0/0 444
>
> As you can see I can NOT NAT port 443 on the router to a different internal address. How can I get everything to work via TCP port 443?
>
> 2) When using SNX network mode, the SNX extender client is installed on the local machine. Sometimes, it is not possible because the local does not have privilege to do so. The solution is to use Application mode (aka Java download). When I create a network application, I specifically specify "this application CAN be used with SSL Network Extender Application Mode". However, after successfully authenticating to Connectra, I can NOT access any resources via Connectra. What other settings am I missing? Please help.
>
> TIA
> cisco4ng
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to [EMAIL PROTECTED]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [EMAIL PROTECTED]
> =================================================

--
Reinhard Stich
ASSIST [EMAIL PROTECTED]
Internet Security AG, 1150 Wien, Johnstrasse 29
Tel: +43 1 3709440 RS784-RIPE
Fax: +43 1 3709440-333
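
Added example, not part of the original thread: a small checker that parses Cisco IOS `ip nat inside source static` port-forward lines and flags any outside protocol/interface/port that is mapped to more than one inside host, which is the collision discussed above. The first two rules are the ones quoted in the thread; the third (192.168.15.103 on 443) is constructed here to represent the mapping the poster says he cannot add.

```python
import re
from collections import defaultdict

# ip nat inside source static {tcp|udp} <local-ip> <local-port>
#                             {<global-ip> | interface <name>} <global-port>
NAT_RE = re.compile(
    r"^\s*ip nat inside source static (tcp|udp) (\S+) (\d+) "
    r"(?:interface (\S+)|(\d+\.\d+\.\d+\.\d+)) (\d+)\b"
)

def parse_static_nat(config):
    """Return (proto, outside, outside_port, inside_ip, inside_port) per rule."""
    rules = []
    for line in config.splitlines():
        m = NAT_RE.match(line)
        if m:
            proto, in_ip, in_port, iface, gip, out_port = m.groups()
            rules.append((proto, iface or gip, int(out_port), in_ip, int(in_port)))
    return rules

def find_conflicts(rules):
    """A port forward is keyed by its outside (proto, address, port).
    Any key with more than one distinct inside target is a conflict."""
    by_outside = defaultdict(set)
    for proto, outside, out_port, in_ip, in_port in rules:
        by_outside[(proto, outside, out_port)].add((in_ip, in_port))
    return {k: sorted(v) for k, v in by_outside.items() if len(v) > 1}

# The two rules quoted in the thread: one public interface, ports 443 and 444.
WORKING = (
    "ip nat inside source static tcp 192.168.15.104 443 interface FastEthernet0/0 443\n"
    "ip nat inside source static tcp 192.168.15.104 444 interface FastEthernet0/0 444\n"
)

# Constructed: the extra mapping needed to put SNX on 443 via the secondary IP.
PROPOSED = WORKING + (
    "ip nat inside source static tcp 192.168.15.103 443 interface FastEthernet0/0 443\n"
)

if __name__ == "__main__":
    for name, cfg in (("working", WORKING), ("proposed", PROPOSED)):
        conflicts = find_conflicts(parse_static_nat(cfg))
        print(name, "->", conflicts or "no conflicts")
```

With a single outside address, each service needs its own outside port (443 and 444, as in the working rules); reusing 443 for a second inside host requires a second outside address.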
