Are the operating systems all the same on each computer? Are you trying to
tracert by IP address or DNS name? Which version of SecuRemote: the
original R55 release or the R55 HFA02 release? Does an nslookup on the
internal host return the correct IP address?
The reason I'm asking is that XP has this dumb "feature" where it caches
negative DNS responses for 15 minutes, whereas Windows 2000 and earlier did
not. This was worked around in the R55 HFA02 release of
SecuRemote/SecureClient as long as certain userc.c changes were made.
Obviously if you are using tracert to an IP address, this is not the issue.
Is there any chance this user is behind a home router and the IP address
he/she receives from thier home router is on the same subnet as the internal
host? If so, you'll have to reconfigure thir home router to deliver an IP
address in a different subnet.
Ray
From: SIBEL MEREY <SMEREY AT SISECAM.COM DOT TR>
Reply-To: Mailing list for discussion of Firewall-1
<FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: [FW-1] VPN Secureremote routing problem
Date: Mon, 26 Jul 2004 14:13:49 +0300
** High Priority **
Hello,
We have got an interesting problem. We are using CP FW-1/VPN NG R55.
secureremote R55 is installed for VPN users. We have formed a group, which
is composed of 8 users and these users are connecting to the hosts that
exist in 3 different subnets, separately. One of these 8 users can connect
2 hosts but he/she cannot connect the other one. When running traceroute
command in the direction of this host, connection goes no further than ISP
router and "destination net unreachable" message returns. Connection from
another machine can be done with free of problems with the same user
account and same ISP. Is there anybody who has an opinion about this
matter?
Thanks
Sibel Merey
Telekomünikasyon Mühendisi
Bilgisayar Destek Hizmetleri Müdürlüðü
Tel : 0 212 350 30 42
Fax : 0 212 350 40 42
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
_________________________________________________________________
Overwhelmed by debt? Find out how to ?Dig Yourself Out of Debt? from MSN
Money. http://special.msn.com/money/0407debt.armx
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
