-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
This is another of what seems to be an ever ending list of problems
with SecuRemote in recent weeks.
I have upgraded from 4.1 SP1 DES to 4.1 SP2 3DES tonight. In order to
make sure things worked, I backed up my config files, uninstalled,
reinstalled and restored config files (obejcts.C, rulebases.fws etc),
and re-applied the Split/Encrypted DNS mods.
When my SecuRemote users (mixture of 4157 and 4165, all DES) log in,
they are authenticated correctly, but they cannot communicate with
any machines on the network. I can see the nameserver and nbname
packets correctly directed to the DNS and WINS servers in the logs,
but info is not returned to the client. Pinging a machine by IP
address shows the decrypted packet come into the network, but there
is no echo-reply. There have been no routing changes, no changes to
the Pool NAT configuration. The only change is the installation of
the 3DES software and upgrade to SP2.
I have followed all the usual procedures - push the policy out to the
servers, update the site info in SR, but nothing seems to work. It's
almost as though there is no state info to allow the packets back out
to the SR users - but nothing is being dropped (at least not in the
logs).
I have 3 hours to get this fixed, or roll back to SP1. Any ideas?
Craig.
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com>
iQA/AwUBOcgw+4AS1Tpq5ZYvEQJZUgCff22biEC4fiBodz7gRDgZWavdwPAAnj8+
VaCxFXSCNnoI817w8EF4D+Ce
=Vt33
-----END PGP SIGNATURE-----
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
