We have tested the same with cisco router as NAT device and it works fine. ----- Original Message ----- From: "Andy David" <[EMAIL PROTECTED]> To: "'David Ellis'" <[EMAIL PROTECTED]>; "Fw-1-Mailinglist (E-mail)" <[EMAIL PROTECTED]> Sent: Saturday, May 19, 2001 6:59 AM Subject: [FW1] RE: [fw1-wizards] FW: Secureremote and Nat, any help would be appreciated > > Also , do a nbtstat -a nameofserver on those machines and make sure nothing > is screwy. > A bogus local hosts file? > Do you have a WINS entry in your network card properties? > How about a Trace route to those servers from your remote workstation? ( > Make sure you are allowing ICMP across the firewall) > Are these servers on a seperate subnet not defined on the firewall? > > ( I know it works w/o the NAT box up, but still worth testing if you already > havent) > > > > > > -----Original Message----- > From: David Ellis [mailto:[EMAIL PROTECTED]] > Sent: Friday, May 18, 2001 12:27 PM > To: Phoneboy Mailing List ([EMAIL PROTECTED]) > Subject: [fw1-wizards] FW: Secureremote and Nat, any help would be > appreciated > > > Hi This is Dave again, Let me tell you a little bity more about this issue. > We are not using any form of nat on our firewall or our internal Lan. Every > secureremote user who utilizes FWZ encryption or IKE encryption without > using a nat box at their house works fine. I threw this nat box in my house > and I now have this issue, but if I plug my laptop directly into my internet > connection I get through fine and I can access all the servers including the > 5 I cant access when I utilize my Nat Box. > Thank you > Dave Ellis > > -----Original Message----- > From: David Ellis > Sent: Wednesday, May 16, 2001 4:26 PM > To: Phoneboy Mailing List ([EMAIL PROTECTED]) > Subject: Secureremote and Nat, any help would be appreciated > > Here is my dillemma, I am experimenting with using secureremote at my house > through a linksys cable dsl router which utilizes nat. We now have firewall1 > with service pack 3. I created myself a user on the firewall utilizing IKE > encryption. On my NAT box at home I have ports 500 and 2746 forwarded to my > internal IP home address. I modified users.c on my home system under the > options section with this line - :force_udp_encapsulation (true). On the > firewall I edited Objects.C after the props line with this - userc_NAT > (true) > :userc_IKE_NAT (true) > And on our firewall object I edited this > line - :isakmp.udpencapsulation ( > :resource ( > :type (refobj) > :refname > ("#_VPN1_IPSEC_encapsulation") > ) > :active (true) > ) > I also created a service entitled VPN1_IPSEC_encapsulation utilizing UDP > port 2746. > OK, Now that part is all set, I go home to utilize secureremote on my home > PC. I log in thru the firewall fine using IKE encryption, It runs my login > script fine from our PDC. I can browse network neighborhood and access the > internal servers and workstations, But now this is the problem, I can access > everything fine accept for 5 servers, one is our main fileserver and one is > our mailserver, But I can access every other server on our lan including our > PDC and BDC's. I try to ping them, the name resolves but no replies. I try > to get to them through network neighborhood and it says network path cannot > be found. It is the wierdest thing. Any suggestions or help would be greatly > appreciated. I must of spent about 30 hours on this so far, on my own time. > And I am logging into the domain fine cause I can access everything else > with my appropriate rights. > Thank you for any assistance you can give. > > > Sincerely, > David Ellis > Systems Engineer > > Tecnomatix - Unicam Inc. > Two International Drive - Suite 150 > http://www.tecnomatix-unicam.com > 603.766.9664 Tel (Direct) > 603.765.3341 Mobile > 603.431.9516 Fax > > > > > --------------------------------------------------------------------- > This email came from the FireWall-1 Wizards Mailing List. > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > ============================================================================ ==== > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ============================================================================ ==== > > ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
