The res says to add the natted IP to your topology for the FW and enable dynamic interface resolving for remote VPN clients.

-GS

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED]] On Behalf Of carlopmart
Sent: Friday, February 17, 2006 3:37 PM
To: [email protected]
Subject: Re: [FW-1] Problems with a natted firewall NGX

I have tried to change the private IP published by the fw for the public router IP in the Userc.C Securemote client config, without success. When the client connects to the fw, userc.c is overwritten.

Gary, I found this solution this morning on Checkpoint's website, but I do not have enterprise access. Can somebody please send me this solution via email? At this moment, this problem has become very urgent.

Thanks.

Gary Scott wrote:
> Better yet check out CP res. sk11682
>
> -GS
>
> -----Original Message-----
> From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED]] On Behalf Of chkp tech
> Sent: Friday, February 17, 2006 2:41 PM
> To: [email protected]
> Subject: Re: [FW-1] Problems with a natted firewall NGX
>
> If changing the userc_IKE_NAT value didn't solve your problem, then I'd
> suggest you get an fw monitor and an ike debug from the gateway. With the
> ike debug you'll be able to see where in the process IKE fails and why. You
> might be able to see from the fw monitor which packet IKE fails with.
>
> 1) To debug ike, run the command:
>    vpn debug ikeon
>
> 2) To turn on fw monitoring, run the command:
>    fw monitor -o mon.out
>
> 3) To bring the tunnel back up
>    Send traffic across the tunnel to initiate the tunnel
>
> 4) To stop the fw monitor, run the command:
>    ctrl + c to stop the fw monitor
>
> 5) To turn Ike debugging off, run the command:
>    vpn debug ikeoff
>
> Review the ike.elg with wordpad and the fw monitor with ethereal.
>
> Jason
>
> On 2/17/06, carlopmart <[EMAIL PROTECTED]> wrote:
>
>>Hi all,
>>
>>I am trying to set up a vpn for securemote clients. My firewall is an
>>NGX HF02 under RHEL 3. This firewall is natted by an ADSL router. Under
>>Smartcenter server I have activated UDP encapsulation (NAT traversal)
>>to establish vpns between natted securemote clients and this firewall.
>>Well, this configuration does not work for me.
>>
>>In the SecuRemote userc.C config file I see these params:
>>
>>: (VPNHome.isildur
>>    :obj (
>>        : (192.168.67.193)
>>    )
>>    :keymanager (
>>        :type (refobj)
>>        :refname ("#_VPNHome")
>>    )
>>    :allowed_interface_ranges (
>>        : (192.168.67.193
>>            :allowed_range (
>>                : (
>>                    :type (machines_range)
>>                    :ipaddr_first (0.0.0.0)
>>                    :ipaddr_last (255.255.255.255)
>>                )
>>            )
>>            :is_ext (true)
>>            :is_natted (false)
>>        )
>>    )
>>    :resolve_interface_ranges (true)
>>    :ifaddrs (
>>        : (192.168.67.193)
>>        : (172.16.76.6)
>>        : (192.168.100.65)
>>
>>In this securemote configuration you will see this: is_natted
>>(false). How can I change this param on the firewall, because it is a
>>natted device? Do I need to use IKE over tcp to change this value?
>>
>>Thanks for your help.
>>
>>--
>>CL Martinez
>>carlopmart {at} gmail {d0t} com
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to [EMAIL PROTECTED]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [EMAIL PROTECTED]
> =================================================

--
CL Martinez
carlopmart {at} gmail {d0t} com
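
A small check for the symptom discussed in this thread, added here as an example (it is not from any poster or from Check Point): it parses a userc.C-style fragment and flags a gateway entry that publishes only RFC 1918 addresses while is_natted is not true. The sample is constructed from the fragment quoted above with the parentheses closed, and the parser covers only the syntax visible in that fragment.

```python
import ipaddress
import re

TOKEN = re.compile(r'\(|\)|:[\w.]*|"[^"]*"|[^\s():"]+')
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Constructed sample: the fragment from the post, shortened, with parentheses closed.
SAMPLE = """: (VPNHome.isildur
  :obj (: (192.168.67.193))
  :allowed_interface_ranges (: (192.168.67.193 :is_ext (true) :is_natted (false)))
  :resolve_interface_ranges (true)
  :ifaddrs (: (192.168.67.193) : (172.16.76.6) : (192.168.100.65)))"""

def parse(text):
    """Parse ':key (value :key (...))' text into nested (value, [(key, node)]) tuples."""
    it = iter(TOKEN.findall(text) + [")"])  # whole file = body of an implicit outer node
    def node():
        value, children = None, []
        for tok in it:
            if tok == ")":
                return value, children
            if tok.startswith(":") and next(it, None) == "(":
                children.append((tok[1:], node()))
            elif tok.startswith((":", "(")):
                raise ValueError(f"malformed input near {tok!r}")
            else:
                value = tok.strip('"')
        raise ValueError("unbalanced parentheses (truncated file?)")
    root = node()
    if next(it, None) is not None:
        raise ValueError("unexpected ')'")
    return root

def find(node, key):
    """Yield every node stored under `key`, at any depth."""
    for k, child in node[1]:
        if k == key:
            yield child
        yield from find(child, key)

def nat_findings(text):
    """Flag gateways publishing only RFC 1918 addresses while is_natted is not true."""
    findings = []
    for _, gw in parse(text)[1]:
        addrs = [c[0] for ifa in find(gw, "ifaddrs") for _, c in ifa[1]]
        private = [a for a in addrs if any(ipaddress.ip_address(a) in n for n in RFC1918)]
        if addrs and private == addrs and "true" not in [n[0] for n in find(gw, "is_natted")]:
            findings.append((gw[0], addrs))
    return findings
```

Calling nat_findings(SAMPLE) returns the gateway name with its three private addresses; a fragment cut off mid-structure, like the one in the post, raises ValueError instead of being silently misread.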
