Re: [FW-1] VPN Secureremote routing problem

Subject:	Re: [FW-1] VPN Secureremote routing problem
From:	SIBEL MEREY <SMEREY AT SISECAM.COM DOT TR>
To:	FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date:	Tue, 27 Jul 2004 08:25:04 +0300

** High Priority **

Yes all of them uses Win98 and we are using to an IP address, not DNS name. And 
the user has connecting the internet by dialup modem, so he has not any 
internal network :(


>>> sixsigma44 AT HOTMAIL DOT COM 26.07.2004 17:07:28 >>>
Are the operating systems all the same on each computer? Are you trying to
tracert by IP address or  DNS name? Which version of SecuRemote: the
original R55 release or the R55 HFA02 release? Does an nslookup on the
internal host return the correct IP address?

The reason I'm asking is that XP has this dumb "feature" where it caches
negative DNS responses for 15 minutes, whereas Windows 2000 and earlier did
not.  This was worked around in the R55 HFA02 release of
SecuRemote/SecureClient as long as certain userc.c changes were made.
Obviously if you are using tracert to an IP address, this is not the issue.

Is there any chance this user is behind a home router and the IP address
he/she receives from thier home router is on the same subnet as the internal
host? If so, you'll have to reconfigure thir home router to deliver an IP
address in a different subnet.

Ray

>From: SIBEL MEREY <SMEREY AT SISECAM.COM DOT TR>
>Reply-To: Mailing list for discussion of Firewall-1
><FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM>
>To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
>Subject: [FW-1] VPN Secureremote routing problem
>Date: Mon, 26 Jul 2004 14:13:49 +0300
>
>** High Priority **
>
>Hello,
>
>We have got an interesting problem. We are using CP FW-1/VPN NG R55.
>secureremote R55 is installed for VPN users. We have formed a group, which
>is composed of 8 users and these users are connecting to the hosts that
>exist in 3 different subnets, separately. One of these 8 users can connect
>2 hosts but he/she cannot connect the other one. When running traceroute
>command in the direction of this host, connection goes no further than ISP
>router and "destination net unreachable" message returns. Connection from
>another machine can be done with free of problems with the same user
>account and same ISP. Is there anybody who has an opinion about this
>matter?
>
>Thanks
>
>Sibel Merey
>Telekomünikasyon Mühendisi
>Bilgisayar Destek Hizmetleri Müdürlü*ü
>Tel : 0 212 350 30 42
>Fax : 0 212 350 40 42
>
>=================================================
>To set vacation, Out-Of-Office, or away messages,
>send an email to LISTSERV AT amadeus.us.checkpoint DOT com
>in the BODY of the email add:
>set fw-1-mailinglist nomail
>=================================================
>To unsubscribe from this mailing list,
>please see the instructions at
>http://www.checkpoint.com/services/mailing.html
>=================================================
>If you have any questions on how to change your
>subscription options, email
>fw-1-owner AT ts.checkpoint DOT com
>=================================================

_________________________________________________________________
Overwhelmed by debt? Find out how to 'Dig Yourself Out of Debt' from MSN
Money. http://special.msn.com/money/0407debt.armx

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================

<Prev in Thread]	Current Thread	[Next in Thread>
[FW-1] VPN Secureremote routing problem, SIBEL MEREY Re: [FW-1] VPN Secureremote routing problem, Chris Hoff Re: [FW-1] VPN Secureremote routing problem, Ray Re: [FW-1] VPN Secureremote routing problem, Matt Arntsen Re: [FW-1] VPN Secureremote routing problem, SIBEL MEREY Re: [FW-1] VPN Secureremote routing problem, SIBEL MEREY <= Re: [FW-1] VPN Secureremote routing problem, SIBEL MEREY Re: [FW-1] VPN Secureremote routing problem, Steck, Steffen M. Re: [FW-1] VPN Secureremote routing problem, Ray Re: [FW-1] VPN Secureremote routing problem, SIBEL MEREY Re: [FW-1] VPN Secureremote routing problem, Ray

Previous by Date:	Re: [FW-1] VPN Secureremote routing problem, SIBEL MEREY
Next by Date:	[FW-1] Routing, Darren Grant
Previous by Thread:	Re: [FW-1] VPN Secureremote routing problem, SIBEL MEREY
Next by Thread:	Re: [FW-1] VPN Secureremote routing problem, SIBEL MEREY
Indexes:	[Date] [Thread] [Top] [All Lists]