Look on your installation disc for the VPN.pdf documentation file; it has a
full section for SSL Network Extender under "Remote Access". It is really
easy to follow.

Regarding your connectivity issues, bear in mind SNX uses Office Mode to
assign IPs to the users getting connected. Also, Sal is right regarding
possible routing issues: if the pool used for the SNX users overlaps with
anything on your internal or DMZ networks, you will for sure have problems
with the returning packets.

Regards


On Mon, Jun 9, 2008 at 10:08 AM, Previtera, Sal <[EMAIL PROTECTED]>
wrote:

> The SSL address pool "SHOULD NOT be" part of any of your Internal, DMZ
> or External networks. An IP address from the pool will get assigned to the
> user upon connection.
>
> You also have to define a group containing all your internal and DMZ
> networks, maybe using a name like My_VPN_Domain_nets.
> This group will be used in the TOPOLOGY page, "VPN domain":
> choose Manually defined and enter the group you have just created.
>
>
> Last, make sure you have routes defined in your Cluster gateways
> pointing to the Internal or DMZ networks, if not directly connected.
>
>
> I hope it helps...
>
> -----Original Message-----
> From: Mailing list for discussion of Firewall-1
> [mailto:[EMAIL PROTECTED] On Behalf Of Guy
> Verreault
> Sent: Monday, June 09, 2008 10:16 AM
> To: [email protected]
> Subject: [FW-1] Question about SSL Extender configuration
>
> Hello, I have a cluster of two SPLAT R65 with the SmartCenter running on a
> Windows 2003 Server. We would like to permit remote access using the SSL
> Extender. So, I just asked for an evaluation license and tried to test it,
> but I can't figure out how to make it work.
>
> I have to say first that I don't have much experience with VPNs. But here
> is the problem:
>
> The external cluster address is a public address XXX.XXX.XXX.9, and the
> cluster members have the addresses XXX.XXX.XXX.7 and XXX.XXX.XXX.8.
> The internal cluster address is 192.168.1.2, and the cluster members have
> the addresses 192.168.1.3 and 192.168.1.4.
>
> These addresses are connected to a router, and the addresses used inside
> our network are 172.16.48.0/255.255.240.0.
>
> I set up RADIUS authentication and that part functions well. I use it to
> authenticate users accessing the Internet and for users who will use the
> SSL Extender.
>
> When I connect to the SSL Extender, https://XXX.XXX.XXX.9, I enter my
> credentials and log on successfully. The VPN connects but I'm unable to
> access anything. So, I tried to use an address pool for the remote users;
> I tried with a 192.168.1.X address and with a 172.16.48.X address but
> without success.
>
> How should I set that up? Which address am I supposed to use?
>
> When the VPN is established, if I then try to access an internal web
> server, I can see my request in the tracker (ex: 192.168.1.8
> --->172.16.48.22) with the decrypt action, but I can't connect. I see
> nothing blocked in the tracker.
>
> What am I missing? Can one of you help me?
>
> If you need more information, don't hesitate to ask.
>
> I repeat, I don't know a lot about VPN configuration, so I thought using
> SSL Extender would make it simple for me, but it seems that it is not
> simple enough :-)
>
>
>
> Scanned by Check Point Total Security Gateway.
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to [EMAIL PROTECTED]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [EMAIL PROTECTED]
> =================================================



-- 
Sergio Alvarez
(506)8301342
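
The overlap rule discussed in this thread (the Office Mode / SSL pool must not share addresses with any network in the VPN domain) can be checked before the pool is configured. The script below is an added example, not part of the original messages or of any Check Point tooling. Assumptions: the /24 mask on the cluster's internal segment, the /24 size of the two pools that were tried, the constructed pool 10.250.0.0/24, and all function and variable names.

```python
import ipaddress

# Networks in the VPN domain, taken from the thread. The /24 on the cluster's
# internal segment is an assumption: the post lists only 192.168.1.2-4.
# The external network is masked (XXX) in the post, so it is not listed here.
VPN_DOMAIN_NETS = {
    "cluster_internal": "192.168.1.0/255.255.255.0",  # assumed mask
    "inside_lan": "172.16.48.0/255.255.240.0",        # as stated in the post
}

# Candidate pools: the two tried in the post (assumed /24) and one constructed
# range that is not part of any local network.
CANDIDATE_POOLS = {
    "tried_192": "192.168.1.0/24",
    "tried_172": "172.16.48.0/24",
    "dedicated": "10.250.0.0/24",  # constructed example value
}


def find_overlaps(pool, protected):
    """Return names of protected networks that share addresses with pool."""
    pool_net = ipaddress.ip_network(pool, strict=False)
    return sorted(
        name for name, cidr in protected.items()
        if pool_net.overlaps(ipaddress.ip_network(cidr, strict=False))
    )


def audit_pools(pools, protected):
    """Map each candidate pool to the protected networks it collides with."""
    return {name: find_overlaps(cidr, protected) for name, cidr in pools.items()}


def containing_networks(addr, protected):
    """Return names of protected networks that contain a single address,
    e.g. the source address of a tracker entry."""
    ip = ipaddress.ip_address(addr)
    return sorted(
        name for name, cidr in protected.items()
        if ip in ipaddress.ip_network(cidr, strict=False)
    )


if __name__ == "__main__":
    for pool, hits in audit_pools(CANDIDATE_POOLS, VPN_DOMAIN_NETS).items():
        print(pool, "OK" if not hits else "overlaps " + ", ".join(hits))
    # Source address from the tracker entry quoted in the thread.
    print("192.168.1.8 is inside:", containing_networks("192.168.1.8", VPN_DOMAIN_NETS))
```

A pool that reports no overlap still needs the return routes mentioned in the quoted reply.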

