Re: [FW-1] Using Office Mode from behind additional firewall interface =

Subject:	Re: [FW-1] Using Office Mode from behind additional firewall interface = Tunnel Test failed (-121).
From:	Lior Arbel <zlior AT IL.IBM DOT COM>
To:	FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date:	Thu, 29 Apr 2004 11:03:13 +0300

Geoff,

You should check the following:

1. Check if the WLAN network addresses exist in your encryption domain. if
yes remove it ! or try to minimize your encryption domain group.

2. check if your client work in connect mode , you will need this to receive
the address from the office mode configuration.

3. if the above will not help send logs or more details



Lior Arbel

Information Security Expert

CCSE, CCSP

IBM Israel



ate: Wed, 28 Apr 2004 15:24:39 -0500

From: Geoff Brisbine <geoffbrisbine AT MI-ASSISTANT DOT COM>

Subject: Using Office Mode from behind additional firewall interface =
Tunnel Test failed (-121).

Greetings, all.

It's my first post to this list, so please bear with me.

We are implementing a WLAN here. The WLAN is sitting on it's own interface

on our R55 SecurePlatform box. Due to the 3-5 minute lag of being able to

ping via WINS name (whether on the WLAN or from home) I decided to use

Office Mode. Most of the WLAN users will also be VPNing in from home via

SecureClient.

When I connect up with SecureClient R55 it tells me Tunnel Test failed

(-121). When I connect up with SecureClient R56 it tells me that it

connected successfully, but it exhibits the identical symptoms to R55. The

symptom is that I am unable to hit anything on the trusted side of our

firewall.

I researched the Tunnel Test Failed message and followed the step in sk10980

but I still got the Tunnel Test failed. I also set the Office Mode to

"Support connectivity enhancement for gateways with multiple external

interfaces" without any luck. Has anyone gotten Office Mode to work from a

separate interface of the firewall (not external)?

I would be happy to provide any additional information or logs.

Thanks!

Geoff Brisbine | Network Administrator

MI-Assistant - A Division of Fiserv FSC, Inc.

26550 West Mondovi Street | Eleva, WI 54738

Phone: 715.287.4262 | Fax: 715.287.4576

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================

<Prev in Thread]	Current Thread	[Next in Thread>
[FW-1] Using Office Mode from behind additional firewall interface = Tunnel Test failed (-121)., Geoff Brisbine Re: [FW-1] Using Office Mode from behind additional firewall interface = Tunnel Test failed (-121)., Chris Hoff Re: [FW-1] Using Office Mode from behind additional firewall interface = Tunnel Test failed (-121)., Ray Pesek Re: [FW-1] Using Office Mode from behind additional firewall interface = Tunnel Test failed (-121)., Geoff Brisbine Re: [FW-1] Using Office Mode from behind additional firewall interface = Tunnel Test failed (-121)., Lior Arbel <=

Previous by Date:	[FW-1] NOKIA Ip clustering (AI R55) with RSA SecureID ACE Server, Kingsley Chu
Next by Date:	Re: [FW-1] Provider-1 Platform, Beresford, Steve
Previous by Thread:	Re: [FW-1] Using Office Mode from behind additional firewall interface = Tunnel Test failed (-121)., Geoff Brisbine
Next by Thread:	[FW-1] HFA_410 -- mdq stops working!, Joe Matusiewicz
Indexes:	[Date] [Thread] [Top] [All Lists]