Re: [FW-1] SecuRemote Create Site Behind Branch Office Tunnel

Tue, 29 Jul 2008 07:26:55 -0700 

hi,
does that mean that you try to run client2site VPN from a location where you already (also) have a site2site VPN? this is always a special setup. 


you should exclude the client-VPN-services (ike, ESK, 
udp-encapsulation-service) from this site2site VPN


br
reinhard

At 15:58 29.07.2008, you wrote:

Greetings,

Have Branch Offices tunneled to UTM-1 Checkpoint SPLAT via [EMAIL PROTECTED]
500 boxes.  All tunnel issues to DMZ, NATing, etc have been resolved,
save one:

Branch Office users can not update or create the UTM-1 site when behind
their [EMAIL PROTECTED] device.
Update/Create of local and other Branch Office [EMAIL PROTECTED] tunneled
sites is OK
Update/Create of Branch Office [EMAIL PROTECTED] sites from tunneled UTM-1 is
OK

UTM-1 logs only show the FW-1_topo being accepted from the Branch
Office, and then nothing else
[EMAIL PROTECTED] logs only show the sending of the FW-1_topo request and then
nothing else
SecuRemote reports "communication with site has failed"
SecuRemote logs show:
SIC error - Client could not connect to server
fwasync_connected_failed: 1340 from exception: The access code is
invalid.

I've created rule allowing all ports that appear to be used by a site
update (determined from UTM-1 logs), just in case and these did not help
either, of course.


Any thoughts or help would be GREATLY appreciated!

=======================
Kim Warden
MPR Associates, Inc
320 King St
Alexandria, VA  22314
Ph:        703-519-0200
Fax:       703-519-0224
Direct:    703-519-0544
=======================

Scanned by Check Point Total Security Gateway.

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================


--
Reinhard Stich          [EMAIL PROTECTED]
Internet Security AG,      1150 Wien, Johnstrasse 29

Tel: +43 1 3709440 RS784-RIPE Fax: +43 1 3709440-333 



Scanned by Check Point Total Security Gateway.

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================






















					Reply via email to