Hello Chaps,

I'm seeing quite an interesting problem w.r.t. SecuRemote.

I'm running a StoneBeat pair running v4.1 of Firewall-1 with SR Clients of 
build 4165. I'm actually going to a licensed address of one of the pair. 
This is not the external IP; it's an Internet-routable StoneBeat/Firewall-1 
licensed address.

I can create the IKE topology, but the problem is when I'm trying to access 
a box in the encryption domain. The user matches the Firewall-1 object with 
a VPN & Firewall-1 Password.

I have Policy Properties set to accept Firewall-1 Control Connections hence 
the need not to have IKE etc. set in a rule. I have the appropriate SR 
defined.

Note that we have fairly tight router ACLs - these are open to destination 
ports tcp 264, 256, 259 and udp 259, 500 and 2746.

Anyhow, all appears correct. I've attempted it in various environments - 
local LAN, dialup accounts with differing ISPs etc. - so ruling out NAT.

I've thought about using FWZ or using a secondary IP on the External 
Interface to NAT through to the Management Station to pull down the 
topology. Not sure where to go. Any pointers?

Thanks, TC

Security Engineer
