Hi Shawn,

Something similar happened to one of my customers recently. It's my opinion that "local interface address spoofing" is erroneously listed. Call it instead a symptom that the encryption service is not communicating well with the firewall service. This is probably a configuration error.

Check to make sure that the SecuRemote rule specifies the destination, not just "Any". In your edited objects.C file, make sure that the :active (true) tag was added inside the parentheses for the :isakmp.udpencapsulation section. The PhoneBoy FAQ isn't 100% clear on this.

If worst comes to worst, CheckPoint support is pretty good at walking you through a clean set up for SecuRemote. You might also want to consider upgrading to a more recent FW-1 service pack, although I doubt it will solve this particular problem.

Regards,
-Jim MacLeod

At 11:58 AM 1/24/2002, you wrote:
>I am attempting to configure UDP encapsulation for SecuRemote as specified
>in the PhoneBoy FAQ, to try and get a vendor VPN connection working from
>within their network and am experiencing a problem that I hope someone here
>can help with.
>
>After modifying objects.C as specified in the document, and sending a new
>userc.c file to the vendor, when he connects to our network, I see the
>successful authentication, and an initial Decrypt packet for the connection
>he is attempting, however he is still unable to connect to the internal
>resource on our network.
>
>When I look in the Firewall logs I see the following packet
>
> Action: Drop
> Service: VPN1_IPSEC_encapsulation
> Source: my firewall's internal Interface
> Destination: Vendor's Internet address
> Protocol: UDP
> Rule: 0
> Info: reason: local interface address spoofing
>
>I have tested the VPN connection from an ADSL router connected directly to
>the Internet and did not experience any VPN problems. I do not have any
>anti-spoofing rules enabled on any of the Firewall's Interfaces. (All
>interfaces allow ANY addresses.)
>
>Any ideas on why this may be happening, and what if anything I may be able
>to do to correct this.
>
>I am running FW1 4.1-SP4 on WinNT 4.0 sp 6a
>
>Thanks
>Shawn
>
>======================================
>Shawn Kearley
>Infrastructure Analyst
>Newfoundland Power Co. Ltd.
>
>Phone: (709) 737-5724
>Fax: (709) 737-5832
>Email: [EMAIL PROTECTED]
>
>=================================================
>To set vacation, Out Of Office, or away messages,
>send an email to [EMAIL PROTECTED]
>in the BODY of the email add:
>set fw-1-mailinglist nomail
>=================================================
>To unsubscribe from this mailing list,
>please see the instructions at
>http://www.checkpoint.com/services/mailing.html
>=================================================
>If you have any questions on how to change your
>subscription options, email
>[EMAIL PROTECTED]
>=================================================

Jim MacLeod
Independent FireWall-1 and network security consultant
[EMAIL PROTECTED]
408-956-9983
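An added check, not from the thread, from Check Point or from the PhoneBoy FAQ, that mechanically verifies Jim's point about where :active (true) must sit: a small parser for the parenthesised :key (value) syntax of objects.C, run over two constructed fragments. The section and tag names are the ones named in the thread; the object name gateway_fw and the section's position in the file are assumptions.

```python
import re

# Tokenizer for the parenthesised ":key (value)" syntax of objects.C.
TOKEN_RE = re.compile(r'\(|\)|:[\w.\-]*|"[^"]*"|[^\s()]+')

def parse_group(tokens, pos):
    """Parse tokens[pos] == '(' up to its matching ')'; return (value, next_pos).
    A leaf such as (true) becomes the atom, a section a list of (key, value)."""
    assert tokens[pos] == '(', 'expected "("'
    pos, items = pos + 1, []
    while tokens[pos] != ')':
        tok = tokens[pos]
        if tok.startswith(':'):                  # ":key (" ... ")"
            value, pos = parse_group(tokens, pos + 1)
            items.append((tok[1:], value))
        else:                                    # bare atom: true, 1, "text"
            items.append((None, tok.strip('"')))
            pos += 1
    if len(items) == 1 and items[0][0] is None:
        return items[0][1], pos + 1
    return items, pos + 1

def parse_objects_c(text):
    return parse_group(TOKEN_RE.findall(text), 0)[0]

def find_sections(tree, name):
    """Yield every section keyed `name`, at any depth."""
    if isinstance(tree, list):
        for key, value in tree:
            if key == name:
                yield value
            yield from find_sections(value, name)

def udp_encapsulation_active(text):
    """Jim's check: an :isakmp.udpencapsulation section must exist and carry
    :active (true) inside its own parentheses, not as a sibling outside them."""
    return any(isinstance(s, list) and ('active', 'true') in s
               for s in find_sections(parse_objects_c(text), 'isakmp.udpencapsulation'))

# Constructed fragments, not a real objects.C (where the section sits in the
# real file and the object name are assumed). GOOD has :active (true) inside
# the section; BAD is the slip Jim describes, the tag after the closing ")".
GOOD = """(:gateway_fw (
    :isakmp.udpencapsulation (:active (true))))"""
BAD = """(:gateway_fw (
    :isakmp.udpencapsulation ()
    :active (true)))"""
```

Running the check over a full objects.C after editing it tells you which of the two shapes you actually produced before the policy is reinstalled.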
