We were also having similar problem, the servers which were in directly connected subnets of the Firewall could be accessed but the servers which were in subnets 2 / 3 hops away from the firewall could not be accessed. We tried IP pool NAT but it didn't work. So we used manual source NAt.
VPN users IP >>> (Servers not in directly connected subnet) >> (some private pool) >> (Servers not in directly connected subnet) Regards, DC On 5/23/06, Ray <[EMAIL PROTECTED]> wrote:
Are they using PPPoE with ADSL? PPPoE adds eight bytes to the packet size causing fragmentation. The fix is to decrease the MTU on the client to 1492 or less. The most common symptom of this is the ability to authenticate but not access anything. Ray >From: Shiroma Dassanayake <[EMAIL PROTECTED]> >Reply-To: Mailing list for discussion of Firewall-1 ><[email protected]> >To: [email protected] >Subject: [FW-1] secure remote users cannot access target servers in VPN >domain >Date: Mon, 22 May 2006 03:35:05 -0700 > >Dear all > > We have secure remote users connecting to servers in our VPN domain. >However some of our secure remote users are experiencing problems >connecting to the target servers in the VPN domain. These particular secure >remote users are able to download the site and are authenticated as well, >but, after authentication, are unable to access the target servers in the >VPN domain. > > My VPN domain is configured as a group of network objects that comprise >several networks. > > Can anyone shed any light on this? Any help would be much appreciated. > > Thanks and regards > Shiroma > > >--------------------------------- >Sneak preview the all-new Yahoo.com. It's not radically different. Just >radically better. > >================================================= >To set vacation, Out-Of-Office, or away messages, >send an email to [EMAIL PROTECTED] >in the BODY of the email add: >set fw-1-mailinglist nomail >================================================= >To unsubscribe from this mailing list, >please see the instructions at >http://www.checkpoint.com/services/mailing.html >================================================= >If you have any questions on how to change your >subscription options, email >[EMAIL PROTECTED] >================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
-- Regards, dhananjoy India. GSM # : 091-9899602123 ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
