Firewall-1

Re: [FW-1] VPN over GPRS network

Subject: Re: [FW-1] VPN over GPRS network
From: "MAINGUENE, Anthony" <a.mainguene AT BOUYGUES-CONSTRUCTION DOT COM>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Tue, 27 Apr 2004 11:42:09 +0200
Hi.

Here are two parts of the solution:
1) set Properties->Resolve_Interface_Ranges=False on your Management Server
(using GuiDBEdit) in order that Secureclient does not try to connect to the
Internal Part of the firewall, and perform an update site on your
Secureclient after updating policy.
2) set a translation rule on your VPN gateway : SRC:GPRS_IP_Range
DST:ENC_DOMAIN(10./8) xSRC:GATEWAY_PRIVATE_IP xDST:same

Regards,

Anthony MAINGUENÉ
Security, Networks and Telecoms Architect
Structis Bouygues Construction
phone: +33 1 30 60 42 38
fax  : +33 1 30 60 23 77

-----Original Message-----
From: David Wellington [mailto:justneed2 AT GO4 DOT IT]
Sent: Thursday 22 April 2004 10:49
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: [FW-1] VPN over GPRS network

Hi All,

We use SecureClient NG FP3 with the same version of Policy Server,
Checkpoint NG FP3 running on Nokia platform IPSO 3.5.

We are able to establish a VPN tunnel using PSTN and broadband. We have made
sure that the address scheme used within the encryption domain, namely 192.168.x.0
DMZ 10.x.0.0 remote office1 10.y.0.0 remote office2 10.z.0.0 remote office3

is different from a remote NATed address, for instance in the case of
broadband. With the GPRS, I have spoken to the 02-GPRS provider; they have
enabled an APN which facilitates the use of a third-party VPN product like
Secureclient. The virtual adapter created by the wireless GPRS card binds
with Secureclient, and we are able to browse the internet, but when we try
Secureclient we are unable to establish a tunnel. We get "error
communicating with gateway" or "communication with gateway failed", with no
logs. I am able to ping the external interface of the firewall.

Bear in mind the GPRS card dynamically assigns a 10 address range different
from the range listed above, and we are NATed to a public 193.113.x.t
address. In the rulebase we have explicit rules allowing traffic from the
193.113.x.0 network; there's no static routing enabled or network address
translation. Please, has anyone any ideas for the way forward, as I keep
hitting a stumbling block?

thanks All

Desh
=================================================
To set vacation, Out-Of-Office, or away messages, send an email to
LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
