Greetings!

I'm new to the board.  I currently set up an IP530 Firewall-1 for my site.
Here's the problem:

I have remote clients that VPN into the firewall; they have success reaching
my internal network (192.168.1.0/24).  When they come in they are given an
internal address (192.168.2.0/24) from a NAT pool I set up.

We have another network to Los Angeles (192.168.15.0/24) that we currently
VPN to with our Shiva box.

We also have a VPN tunnel via our Firewall-1 to another partner company with
a Firewall-1 as well.

The remote clients cannot get to the other networks (192.168.15.0/24 and
10.0.0.0/24) we VPN to.
I have set up static routes through Voyager to route the appropriate IP
blocks.

In my policy editor, I have "remote clients" as the source, "any" as
destination, "any" as service, "client encrypt" as action, and installed on
my firewall.

My question is this:  when remote clients VPN to our firewall, why can't
they VPN back out to, say, our other network (192.168.15.0/24) or our partner
company (10.0.0.0/24), which we already have VPN tunnels to?  My internal
hosts here can access the 192.168.15.0/24 network as well as the partner
company 10.0.0.0/24.  However, the remote clients cannot, even though in the
policy editor their IP range is included in the domain to be trusted.

Any help would be greatly appreciated!

Thanks,

Kawin

___________________
Kawin Boonyapredee
Network Specialist
VNU REI Group
(914) 684-5509
[EMAIL PROTECTED]
