We are testing SecuRemote on mobile users' laptops (Windows NT 4.0 SP4) and are having problems when disconnecting then re-connecting to the ISP. If the RAS connection is broken and immediately re-established then a connection attempt is made to the server in the encryption domain, the SecuRemote client displays a message at the bottom of the window stating key exchange is taking place with the firewall but after about a minute comes up with the error "communication with site X has failed". The current theory is that this is somehow due to the fact that the laptop's IP address changes (as this is provided by the ISP on dial-in). The only way we've found of immediately forcing the user to re-authenticate is by killing the SecuRemote process then restarting it. Erasing passwords from within SecuRemote stops Single Sign On from working from then on, which will confuse the users :-). We've also experimented with authentication settings on the firewall, settings within objects.c (e.g. :userc_bind_user_to_IP (true)), and read the VPN manual several times without much success. We really need a transparent process to force the user to re-authenticate when a new dial-in connection is established. Can anyone help? Thanks, Andy. -------------------- talk21 your FREE portable and private address on the net at http://www.talk21.com ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
