So when you connect remotely to a box behind the central gateway, the remote
IP shows up as the Office Mode address?
But when you connect to the central gateway remotely and go to a box behind
the Nokia using the site-to-site VPN, the remote IP shows up as the IP
address assigned by the ISP?
Does the box running X behind the Nokia know how to route the ISP source IP
address back to the central gateway or will it route the source IP address
back to the Nokia gateway?
My guess is it's routing the return traffic to the Nokia and not through the
site-to-site VPN with the central gateway, but that certainly does not
explain why the Office Mode IP is not being seen behind the Nokia. Maybe
it's a clue, though.
Ray
From: [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
<[email protected]>
To: [email protected]
Subject: Re: [FW-1] Secure Remote problem
Date: Mon, 6 Mar 2006 11:31:14 +0000
Thanks for the replies.
I should have been more specific. I do have a rule to allow X back but the
problem is I can't even ping my client?
Thanks,
Huiqi
From: Ronny Nussbaum <[EMAIL PROTECTED]>
Sent by: Mailing list for discussion of Firewall-1 <FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM>
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] Secure Remote problem
Date: 03/03/2006 20:43
Please respond to: Mailing list for discussion of Firewall-1 <FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM>
Or you can make "X11" part of the "Any" group:
-Policy menu
-Global Properties
-SmartDashboard Customization
-Stateful Inspection
-Check "reject_x11_in_any"
-RoNNY
On 3/3/06, Reinhard Stich <[EMAIL PROTECTED]> wrote:
> hi,
>
> X11 is not part of the "any"-service - so please make a rule where
> you allow X11.
>
> cheers
> reinhard
>
> At 17:32 03.03.2006, you wrote:
> >I'm not sure if I've misunderstood something (not the first time), or what
> >else. Here is my problem:
> >
> >Configuration: one central gateway, and one Nokia enforcement module. Both
> >managed by the same smartcentre. Both on NG R55, running Traditional Mode
> >VPN. There is a site-to-site VPN between the two. Office Mode configured
> >on central gateway.
> >
> >Problem: Connecting to the internal systems behind the Nokia - no problem.
> >But I can't display back X, or even ping the client.
> >
> >I can connect to the central gateway and display back/ping the client
> >without any problems.
> >
> >I noticed that when I connect to a system behind the central gateway
> >(telnet), I can see the IP address of the client is the office mode
> >address.
> >
> >However, connecting to a system behind the Nokia, the IP address is not the
> >office mode address but the one assigned by the ISP router.
> >
> >The firewall rules appear to be OK, but the problem is the point above (the
> >office mode address isn't shown up).
> >
> >Any hints?
> >
> >Many thanks.
> >
> >Huiqi Liu
> >
> >=================================================
> >To set vacation, Out-Of-Office, or away messages,
> >send an email to [EMAIL PROTECTED]
> >in the BODY of the email add:
> >set fw-1-mailinglist nomail
> >=================================================
> >To unsubscribe from this mailing list,
> >please see the instructions at
> >http://www.checkpoint.com/services/mailing.html
> >=================================================
> >If you have any questions on how to change your
> >subscription options, email
> >[EMAIL PROTECTED]
> >=================================================
>
> --
> Reinhard Stich ASSIST [EMAIL PROTECTED]
> Internet Security AG, 1150 Wien, Johnstrasse 29
> Tel: +43 1 3709440 RS784-RIPE Fax: +43 1 3709440-333
>