Because of the nature of the inspection that AI is doing, you now need to
add Exchange DCE services explicitly in a rule for site-to-site or
SecuRemote connections. The lack of these services being specified is
most likely your issue. Add a rule above your current remote access rule
with the DCE services in the service rule.
Frank
-----Original Message-----
From: David Walker [mailto:DWalker AT MERKLENET DOT COM]
Sent: Friday, June 20, 2003 7:43 AM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: [FW-1] CP NG Secure Remote NG client and MSExchange access
Group,
Yesterday I upgraded the FW to CP NG FP3 from 4.1. For the most part,
everything went well. However, we are having a slight issue with our
remote users who are using the Secure Remote clients.
For our users that upgraded to the Secure Remote NG client, they can
reach everything as before, except the email server (Exchange).
For our users who did not upgrade and are still using the Secure Remote
4.1 flavor of client, they can get to the email server, but nothing else.
Now, the email server has a static NAT thru the FW as before and our
users have a WINS address configured. When logged on to the VPN, they
can ping internal hosts by name like george, 10.10.10.5 or ralph,
10.10.10.6, but when they try to ping the emailserver, 10.10.10.7, the
replies are that of the NAT'd address 129.57.33.5. However, if you use
the IP address of the email server, 10.10.10.7 to ping, you get replies
from it. Since Exchange looks for a name to connect to, it isn't liking
the external IP of the email server. The quick fix is just to add an
entry into everyone's Windows host file, 10.10.10.7 emailserver. But, my
manager isn't liking that solution.
Any thoughts, do I need to open something else up for Exchange to work
with the SR NG clients?
Thx,
David
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================