We have tried many cases as well with similar configuration as you. But no luck, still not working.
SecuRemote NG (internal IP) --> Wingate (Valid IP) --> Internet --> (Valid IP of Firewall) CP fw-1 v4.1 sp5 (Internal IP) [Hide Mode] [IP pool] --> Web Server (Internal IP).

We have been testing the above configuration with IKE, FWZ, IP Pool, no IP Pool and Encapsulation.

Enable force IKE with encapsulation - Network connectivity error, the connection was dropped by fw-1.
Others had results - key exchanged, no response with further logs.

Any help will be highly appreciated.

Terry

----- Original Message -----
From: "Cryptotech" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, February 26, 2002 7:48 AM
Subject: Re: [FW-1] IP POOL for SecuRemote connection with client side NAT Fails

> Is the network at the client side the same as the one "inside" the firewall?
>
> ----- Original Message -----
> From: "Gorton Dean" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Monday, February 25, 2002 1:50 PM
> Subject: [FW-1] IP POOL for SecuRemote connection with client side NAT Fails
>
> > I've set up an IP NAT pool for SecuRemote connections coming into my
> > company. This is working fine for most users and the log viewer shows the
> > incoming data being decrypted and NAT'ed. I've verified the NAT is taking
> > place using a packet sniffer on my internal network.
> >
> > HOWEVER, if I set this up for a remote ADSL user whose ISP is providing them
> > with a NAT'ed IP address, it fails. In the log viewer I still see the
> > incoming data being decrypted and then NAT'ed using my predefined IP NAT
> > pool of addresses for incoming SecuRemote connections.
> >
> > BUT, if I put a packet sniffer on my internal network now I can see that the
> > data has the original source IP address and has not been NAT'ed by my
> > firewall at all! IT IS LYING.
> >
> > My question: why is the FW-1 NAT for SecuRemote connections only working for
> > machines with a legal address who don't need it and not for users sitting
> > behind a client side NAT'ed router?
> >
> > I'm running CPFW-1 4.1 sp5 on a Solaris platform and SecuRemote 4.1 sp5
> > build 4199. SecuRemote is configured to use IKE encryption and is forcing
> > UDP encapsulation on both machines as per phoneboy article
> > "http://www.phoneboy.com/docs/secureclient-nat.pdf"
> >
> > Any help will be greatly appreciated,
> >
> > Dean Gorton
> > Senior Network Analyst
> >
> > * +44 20 7843 4775
> > * [EMAIL PROTECTED]
> >
> > * Macmillan Limited,
> > The Macmillan Building
> > 4 Crinan Street
> > London,
> > N1 9XW,
> >
> > =================================================
> > To set vacation, Out Of Office, or away messages,
> > send an email to [EMAIL PROTECTED]
> > in the BODY of the email add:
> > set fw-1-mailinglist nomail
> > =================================================
> > To unsubscribe from this mailing list,
> > please see the instructions at
> > http://www.checkpoint.com/services/mailing.html
> > =================================================
> > If you have any questions on how to change your
> > subscription options, email
> > [EMAIL PROTECTED]
> > =================================================
