Are you running NG or 4.1? If NG, you should try to set up Office Mode on the firewall and then put his client in connect mode. This will give you the ability to give the firewall a range of IP addresses to remote users (DHCP style), and anytime a user connects they get one of these IPs; then you can set your rules based on a set of known IP addresses. The process is fairly easy to set up, but you must follow the instructions to the letter. There is a SecureKnowledge article on this that was a great help. I do not know the article number offhand, but do a search for "Office Mode setup" and it should pop up.
Chris.

-----Original Message-----
From: RBHATIA [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 03, 2003 1:33 PM
To: [EMAIL PROTECTED]
Subject: [FW-1] Question about Securemote client configuration

I'm running VPN-1 on my firewall - I would like to restrict a particular VPN user to a specific source IP. The user is on a DSL connection using a private addressing scheme - 10.10.10.x /24 while our private addressing scheme is 10.0.0.x /24.

I created a rule that would allow the user access from the source (public) IP that his ISP gives him when he connects to the Internet (let's say 24.1.1.1), e.g.

Source: [EMAIL PROTECTED] - Dest: Myserver - Service: Any - Client Encrypt

When the user authenticates with Securemote, it all goes through fine. The problem occurs when the user tries to connect to the server - the source IP I see in the log is his private IP address rather than his public IP and therefore the packet gets dropped.

Why is it that I can see his private IP instead of his public IP? And how do I tweak my rule so that the user's VPN account is bound to his source IP? Should I be using his private IP as the source IP?
================================================= To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
