Hi,

I think you need 'Office Mode' for NAT issues and associated solutions (Visitor Mode, NAT Traversal, ...). And for Office Mode, officially, you need SecureClient.
Sorry for the answer, I know you were waiting for another one.

Regards,
--
Fabrice Barutel

------------------------------

Date: Tue, 14 Nov 2006 10:14:18 -0500
From: "P.V.Sankar" <[EMAIL PROTECTED]>
Subject: Re: SecuRemote Connectivity

Hi,

I simulated the conditions in my data center. Now I have the clear picture of what is happening. Using SecuRemote client (private IP, NATted by a router), my VPN gateway (routable IP) is authenticating my remote user and getting connected also. After authentication, if I try to access systems which are behind the gateway having private IP addresses, I am getting the following message log in the SmartView Tracker. For this particular example, I opened the http service only on my internal system for VPN Remote Access.

Origin: My Gateway IP(Routable IP)
Action: Decrypt
Service: http
Source: 192.168.1.2(my remote client)
Destination: 192.168.XX.XX(my system which is having remote access from outside, behind gateway)
Encryption Scheme: IKE
VPN Peer gateway: My client NAT device(Routable IP)
Encryption Methods: ESP:3DES+SHA1
Information: service_id:http

Now my issue is I am not able to access the systems (private IP) which are sitting behind my Gateway, from remote clients (private IP) which are sitting behind some NATting device. I tried in Visitor mode also, same status. I am not using Office Mode, since my vendor told me my particular license doesn't support Office Mode.

Any help is greatly appreciated.

Thanks in advance

Regards,
Sankar

On Sat, 11 Nov 2006 19:40:26 +0100, Reinhard Stich wrote
> sankar,
> check with a sniffer (ethereal) if your vpn-client sends encrypted
> packets to your firewall. I see three possible things here
> - the client sends encrypted packets to the fw. check if these packets
>   arrive on your firewall - maybe some filter on the way to your fw
>   drops the packet
> - the client sends the packet to a wrong interface of your firewall -
>   try disabling if-resolving
> - the client sends the packets in clear, not encrypted.
>   in this case the client thinks that he is in your lan - check the
>   IPs again.
>
> br
> reinhard
>
> ** My mobile email is powered by Nokia Mobile Email solutions **
> ** please 'reply-to-all' when answering... **
>
> > -----Original Message-----
> > From: Mailing list for discussion of Firewall-1 on behalf of Juan Concepcion
> > Received: Fri Nov 10 20:05:25 CET 2006
> > To: [email protected]
> > Subject: Re: [FW-1] SecuRemote Connectivity
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Visitor mode is simply a method of changing how SecuRemote works.
> > There is no additional licensing necessary for it. It simply changes
> > how the firewall/client communicate.
> >
> > Juan
> >
> > P.V.Sankar wrote:
> > > Hi,
> > > No, there is no IP Address conflict. I am new to this field. I do
> > > not know whether my particular license supports Visitor mode/Office
> > > mode. When we purchased the product my vendor told that VPN-1 Pro
> > > license includes FireWall-1, VPN-1, FloodGate and SecuRemote. Since
> > > Office mode supports only Secure Client not SecuRemote, I do not
> > > know how to proceed now.
> > >
> > > Thanks
> > > Sankar
> > > On Fri, 10 Nov 2006 12:56:41 +0100, Reinhard Stich wrote
> > >> hi,
> > >> check again if you have an IP conflict with the private IP on
> > >> your dialup-isp and your encryption domain. try to use
> > >> visitor-mode to avoid tunneling problems with our client's ISP...
> > >>
> > >> br
> > >> reinhard
> > >>
> > >> ** My mobile email is powered by Nokia Mobile Email solutions **
> > >> ** please 'reply-to-all' when answering... **
> > >>
> > >>> -----Original Message-----
> > >>> From: Mailing list for discussion of Firewall-1 on behalf of Mark Williams
> > >>> Received: Fri Nov 10 13:03:34 CET 2006
> > >>> To: [email protected]
> > >>> Subject: Re: [FW-1] SecuRemote Connectivity
> > >>>
> > >>> Do you use Office Mode?
> > >>>
> > >>> Mark
> > >>>
> > >>> ----- Original Message -----
> > >>> From: "P.V.Sankar" <[EMAIL PROTECTED]>
> > >>> To: <[email protected]>
> > >>> Sent: Friday, November 10, 2006 9:19 PM
> > >>> Subject: [FW-1] SecuRemote Connectivity
> > >>>
> > >>>> Hi,
> > >>>> I have VPN-1 Pro R60 Gateway running on Solaris8, Sun 280R platform.
> > >>>> My topology is as follows. My Gateway has 3 network interfaces.
> > >>>> 1st interface faces to internet with routable IP. 2nd interface
> > >>>> faces to our DMZ also with routable IP. 3rd interface faces to our
> > >>>> internal network with private IP address (all our internal networks
> > >>>> are sitting behind this interface). Using SecuRemote client and
> > >>>> dial-up connectivity (routable IP provided by ISP), I could connect
> > >>>> to my Gateway & internal systems. But using broadband connection
> > >>>> (private IP, sitting behind a NAT device), I am not able to connect
> > >>>> to my Gateway and internal systems. On my Gateway, I implemented
> > >>>> things like "Support NAT traversal mechanism(UDP encapsulation)",
> > >>>> "Support IKE over TCP" etc. There is no IP Address conflict between
> > >>>> my internal networks and remote clients. Still I am not able to
> > >>>> connect using broadband connection.
> > >>>>
> > >>>> I request you to kindly help me in sorting out this issue.
> > >>>>
> > >>>> Thanks in advance
> > >>>> Sankar
> > >>>>
> > >>>> --
> > >>>> Open WebMail Project (http://openwebmail.org)
> > >>>>
> > >>>> =================================================
> > >>>> To set vacation, Out-Of-Office, or away messages, send an email
> > >>>> to [EMAIL PROTECTED]
> > >>>> in the BODY of the email add:
> > >>>> set fw-1-mailinglist nomail
> > >>>> =================================================
> > >>>> To unsubscribe from this mailing list, please see the
> > >>>> instructions at http://www.checkpoint.com/services/mailing.html
> > >>>> =================================================
> > >>>> If you have any questions on how to change your subscription
> > >>>> options, email [EMAIL PROTECTED]
> > >>>> =================================================
> > >
> > > --
> > > Open WebMail Project (http://openwebmail.org)
> > >
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.4.3 (GNU/Linux)
> > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> >
> > iD8DBQFFVMup5MTluexDZhIRAsYeAKCsmmVhfVpLeuRKV0MOVqo+jrUbxwCfWW8K
> > dbF991BNvco7MiVDZVKf92w=
> > =j/eG
> > -----END PGP SIGNATURE-----
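The three cases in Reinhard's sniffer advice can be checked mechanically against a capture taken on the client side. The following is an added example, not part of the original thread: the gateway addresses, the encryption domain and the port table (UDP 500 IKE, UDP 4500 NAT-T, TCP 500 IKE over TCP, TCP 443 Visitor Mode) are assumptions to adapt, and the packets are constructed.

```python
import ipaddress
import struct
from collections import Counter

# Constructed addresses; the port table lists assumed defaults, not values from the thread.
EXTERNAL_IF = ipaddress.ip_address("203.0.113.10")      # gateway, internet-facing
OTHER_IFS = {ipaddress.ip_address("198.51.100.1"),      # gateway, DMZ side
             ipaddress.ip_address("192.168.50.1")}      # gateway, internal side
ENC_DOMAIN = ipaddress.ip_network("192.168.50.0/24")    # hosts behind the gateway
TUNNEL = {(17, 500): "ike", (17, 4500): "nat-t",        # (IP protocol, dst port)
          (6, 500): "ike-tcp", (6, 443): "visitor-mode"}

def classify(pkt: bytes) -> str:
    """Label one raw IPv4 packet captured as it leaves the remote client."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "ignored"
    ihl, proto = (pkt[0] & 0x0F) * 4, pkt[9]
    dst = ipaddress.ip_address(pkt[16:20])
    kind = None
    if proto == 50:                      # ESP: no ports for a PAT device to rewrite
        kind = "esp"
    elif proto in (6, 17) and len(pkt) >= ihl + 4:
        dport = struct.unpack("!H", pkt[ihl + 2:ihl + 4])[0]
        kind = TUNNEL.get((proto, dport))
    if kind and dst == EXTERNAL_IF:
        return "tunnel:" + kind
    if kind and dst in OTHER_IFS:
        return "wrong-interface:" + kind
    if dst in ENC_DOMAIN:                # traffic for internal hosts sent outside the tunnel
        return "cleartext"
    return "ignored"

def diagnose(packets) -> str:
    """Map a capture onto the three cases listed in the sniffer advice."""
    seen = Counter(classify(p).split(":")[0] for p in packets)
    for case in ("cleartext", "wrong-interface", "tunnel"):
        if seen[case]:
            return case
    return "no-vpn-traffic"

def ipv4(dst: str, proto: int, dport: int = 0, src: str = "192.168.1.2") -> bytes:
    """Build a constructed IPv4 packet (checksum left at 0) for the demo."""
    l4 = struct.pack("!HH", 40000, dport) + b"\x00" * 4
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                       ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed) + l4

if __name__ == "__main__":
    capture = [ipv4("203.0.113.10", 17, 500), ipv4("192.168.50.20", 6, 80)]
    print([classify(p) for p in capture], "->", diagnose(capture))
```

A result of `tunnel` only says the client is encrypting toward the right interface; whether those packets survive the NAT device and reach the gateway still has to be confirmed with a capture on the gateway side.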
