
Re: [FW-1] Office Mode & Tunnel Test

Subject: Re: [FW-1] Office Mode & Tunnel Test
From: "Balaji Ilakkumanan (ISTD)" <balaji AT ADCO.CO DOT AE>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Tue, 1 Jul 2003 07:33:56 +0400
Try giving the Address pool for Office mode something strange and not at all
related to your setup, since the firewall thinks it is from the same subnet.

Bala

-----Original Message-----
From: Can2002 [mailto:notleyc+maillists.checkpoint AT FASTMAIL DOT FM]
Sent: Tuesday, July 01, 2003 1:08 AM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: [FW-1] Office Mode & Tunnel Test

I've been building a test environment to replicate a client's Secure
Client problem with Office Mode.  Having successfully configured Secure
Client without Office Mode, they wanted to enable the feature to simplify
their WAN routing problems for remote clients.

The problem they experience is that when connecting, they receive a
message saying the 'tunnel_test' failed.  Having searched through Secure
Knowledge I found article sk13014 which seemed to describe exactly the
problems they were experiencing, albeit it was based on FP2 whereas they
are on FP3.  The example topology the article gives is shown below:

Server (encryption domain)
192.168.2.100
|
|
192.168.2.1
FireWall-1 NG FP2 (management/firewall module)
10.0.5.2
|
|----------10.0.0.254 (Internet Router)----------Internet
|
10.0.5.1
Router
192.168.1.1
|
|
192.168.1.100
SecureClient NG FP2

The address pool configured for Office Mode in the article's example is
192.168.7.0/24.  When the client PC connects it makes a test connection
on UDP/18234, which the firewall attempts to respond to, but with no
explicit route for the 192.168.7.0/24 network, it attempts to route the
packet via its default gateway, which is the problem.

In the article it explains that the solution is to place a network route
on the firewall for the Office Mode subnet (192.168.7.0/24) pointing at
the remote router (10.0.5.1) in the example above.  I've been able to
replicate something similar in my test lab, which was fixed by following
the article.

My problem, however, is that their solution seems to rely on ALL remote
SecureClient PCs connecting through the same gateway, whereas their
remote clients are connecting through various ISPs across Europe, hence a
single static route cannot be created.

Am I missing the point here???

Cheers,
Chris
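The routing behaviour Chris describes can be checked offline. The following script is an added illustration, not code from the post or from Check Point: it models the FireWall-1 module's routing table from the sk13014 topology above (addresses taken from the diagram; the client's Office Mode address 192.168.7.10 is constructed), resolves the next hop for the firewall's reply to the UDP/18234 tunnel test, and flags an Office Mode pool that only the default route covers. The function names are my own.

```python
import ipaddress

# Routing table of the FireWall-1 module in the article's topology (constructed).
# Each entry: (destination network, next hop or connected interface address).
FW_ROUTES = [
    ("192.168.2.0/24", "connected 192.168.2.1"),  # internal, encryption domain
    ("10.0.5.0/24",    "connected 10.0.5.2"),     # external, towards the Internet router
    ("0.0.0.0/0",      "10.0.0.254"),             # default gateway = Internet router
]
OFFICE_MODE_POOL = "192.168.7.0/24"   # pool from the article's example
CLIENT_OFFICE_IP = "192.168.7.10"     # constructed Office Mode address of one client
TUNNEL_TEST_PORT = 18234              # UDP port of the SecureClient tunnel test


def next_hop(routes, dst):
    """Longest-prefix-match lookup: the most specific matching route wins."""
    ip = ipaddress.ip_address(dst)
    best_net, best_hop = None, None
    for net, hop in routes:
        network = ipaddress.ip_network(net)
        if ip in network and (best_net is None or network.prefixlen > best_net.prefixlen):
            best_net, best_hop = network, hop
    return best_hop


def tunnel_test_reply_hop(routes, client_office_ip):
    """Where the firewall sends its reply to a tunnel-test probe from an
    Office Mode address (the reply is addressed to that pool address)."""
    return next_hop(routes, client_office_ip)


def office_mode_route_check(routes, pool):
    """Flag an Office Mode pool that falls through to the default route only."""
    pool_net = ipaddress.ip_network(pool)
    for net, hop in routes:
        network = ipaddress.ip_network(net)
        if network.prefixlen > 0 and pool_net.subnet_of(network):
            return f"OK: {pool} routed via {hop}"
    return f"WARNING: {pool} has no explicit route; default gateway would be used"


if __name__ == "__main__":
    print(office_mode_route_check(FW_ROUTES, OFFICE_MODE_POOL))
    print("reply to tunnel test goes via", tunnel_test_reply_hop(FW_ROUTES, CLIENT_OFFICE_IP))
    # The article's fix: a static route for the pool pointing at the remote router.
    fixed = FW_ROUTES + [(OFFICE_MODE_POOL, "10.0.5.1")]
    print(office_mode_route_check(fixed, OFFICE_MODE_POOL))
    print("reply to tunnel test goes via", tunnel_test_reply_hop(fixed, CLIENT_OFFICE_IP))
```

Without the extra route the reply leaves via 10.0.0.254, which is the failure the article describes; with it, via 10.0.5.1.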

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
