I have a similar setup using PacHell PPoE and I can VPN in using SecuRemote no problem. On the home LAN I am behind a Linksys DSL router. My work firewall is FW-1 4.1 sp3 running on a Solaris box and using IP NAT Pool.

In addition to the things to check for below, I would also check that your home LAN and your encryption domain behind the Nokia don't overlap, that is, that it's not the same internal IP scheme. If you are using IP NAT Pool, make sure you have a route back to the IP NAT Pool network. And double check that you have enabled IPsec passthru on the Netgear.

>Subject: Re: Secure Remote over PPoE VPN
>To: "Vachon, Scott" <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
>From: [EMAIL PROTECTED]
>Date: Fri, 26 Oct 2001 17:29:21 -0400
>
>Vachon,
>
>I have a setup almost identical with remote users using Verizon DSL with
>the exceptions of static IPs on the clients.
>Several things to check for:
>Do you have an IP pool setup for these VPN users,
>Do you have multiple segments that the VPN users are trying to access and
>if they're crossing routers do these routers know how to direct traffic for
>the VPN users,
>Check your FW Net objects and make sure that the remote users can access
>the segment/s in your LAN;
>Remember, encrypt rules should be before any stealth and general deny
>rules,
>
>Look through the documentation, as far as I've experienced there is no
>issue with Verizon DSL and Securemote VPN users.
>
>Hope this helps,
>
>Jose N Ramirez
>LVMH SSC
>19 E 57th St.
>New York, NY 10022
>
>"Vachon, Scott" <Scott.Vachon@Paymentech.com>
>To: [EMAIL PROTECTED]
>cc:
>Subject: Secure Remote over PPoE VPN
>10/25/2001 01:28 PM
>
>I am evaluating the following VPN solution and have encountered a problem:
>Once the Secure Remote client is authenticated on a Nokia Firewall-1, the
>remote workstation/laptop fails to communicate with the Corporate LAN (no
>internal server access, no pings of ip addresses, etc).
>
>Configuration info of clients:
>Win 2k w/ latest service pack and patches.
>Laptops are Toshiba Tecra 8000
>Checkpoint VPN-1 Secure Client v 4.1 SP-3 3DES build 4176 using IKE
>Netgear RP-314 (NAT)
>Verizon DSL with PPoE
>
>IP statically assigned on remote users' LAN. DNS specified as Verizon DNS
>ip.
>Nokia firewall logs show authentication (of user's Verizon assigned DHCP
>WAN IP) and key exchange but, nothing else.
>
>Questions:
>
>1) Has anyone been successful with a similar setup?
>2) Has anyone been successful running VPN via Verizon DSL?
>3) Has anyone been successful running VPN via Verizon DSL without NATting
>behind a SOHO router?
>
>TIA.
>
>~S~
>
>"We have it in our power to begin the world anew...America shall make a
>stand, not for herself alone, but for the world," from Common Sense,
>published January 1776, by Thomas Paine.
>
>"Any comments or statements made are not necessarily those of the firm, its
>subsidiaries or affiliates"
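
The two addressing checks suggested in the reply at the top of this thread (home LAN versus encryption domain overlap, and a route back to the IP NAT Pool network) can be scripted. This is an added example, not part of the original messages; all networks, the routing table, and the idea that the pool's next hop should be the firewall's internal address (`firewall_ip`) are constructed assumptions.

```python
import ipaddress as ip

def overlaps(home_lan, encryption_domain):
    """Return (home, corporate) network pairs that share any addresses."""
    home = ip.ip_network(home_lan)
    return [(str(home), str(net)) for net in map(ip.ip_network, encryption_domain)
            if home.overlaps(net)]

def next_hop_for(target, routes):
    """Longest-prefix match: next hop of the most specific route covering target."""
    target = ip.ip_network(target)
    covering = [(ip.ip_network(net), hop) for net, hop in routes
                if target.subnet_of(ip.ip_network(net))]
    return max(covering, key=lambda r: r[0].prefixlen)[1] if covering else None

def check_setup(home_lan, encryption_domain, nat_pool, routes, firewall_ip):
    """Return a list of findings; an empty list means both checks passed."""
    findings = []
    for home, corp in overlaps(home_lan, encryption_domain):
        findings.append(f"home LAN {home} overlaps encryption domain {corp}")
    hop = next_hop_for(nat_pool, routes)
    if hop is None:
        findings.append(f"no route back to IP NAT Pool {nat_pool}")
    elif hop != firewall_ip:
        findings.append(f"IP NAT Pool {nat_pool} routes via {hop}, not firewall {firewall_ip}")
    return findings

# Constructed sample values (assumptions, not taken from the thread).
HOME_LAN = "192.168.1.0/24"
ENCRYPTION_DOMAIN = ["10.1.0.0/16", "192.168.0.0/22"]
NAT_POOL = "172.16.50.0/24"
FIREWALL_IP = "10.1.0.1"
# Routing table of an internal router as (destination, next hop) pairs.
ROUTES = [("10.1.0.0/16", "10.1.0.1"), ("0.0.0.0/0", "10.1.0.254")]

if __name__ == "__main__":
    for finding in check_setup(HOME_LAN, ENCRYPTION_DOMAIN, NAT_POOL, ROUTES, FIREWALL_IP):
        print(finding)
```

With the sample values, the pool is only covered by the default route, so replies to pool addresses leave via a gateway other than the firewall, which matches the symptom of a client that authenticates but cannot reach internal hosts.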