Your NAT is probably OK. Do you have a static route on the gateway so it
knows how to route the 10.9.xxx.xxx traffic to the next hop internal router?
Do your internal routers know to send all 10.9.xxx.xxx traffic back to the
gateway?
Which version of SecureClient? Are you using SCV? What do your desktop
security rules look like?
Normally you cannot ping the gateway unless you add a rule to allow it. Is
this a simplified or traditional policy? Do you have a specific rule in the
rule base to allow the SecureClient traffic access into and out of the
internal network?
Ray
From: Bob <testjunk2003 AT YAHOO DOT COM>
Reply-To: Mailing list for discussion of Firewall-1
<FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: [FW-1] SecureClient and Internal Network Access
Date: Tue, 31 Aug 2004 11:03:03 -0700
Hi All,
We are using Check Point NG FP2. We configured the Check Point gateway
so that the SecureClient can have remote access to the internal networks.
The servers in the internal networks can reach (pings work) the secure
clients but the secure clients cannot reach the internal network or any
servers (pings or HTTP access to any servers did not work). In the network
properties for the internal network I checked "Add Automatic Address
Translation rule" and picked "Hide" as the translation method (Hide behind
the interface of the install on Gateway). First of all, do I need to
configure NAT in order for my network to work correctly? If so, are my NAT
rules incorrect? Please advise.
Our network looks like this
Client            CheckpointGateway             Server
10.10.20.60/20    External      Internal        10.10.58.200/20
                  10.10.16.40   10.10.58.190
The IP pool that I assigned is network 10.9.62.0/24. The SecureClient got
an IP address 10.9.62.1 when it connected to the gateway. The server can
ping the client but the client cannot ping the gateway. Also, in the log I
do not see any packets being dropped.
Any help is greatly appreciated, my boss is sitting on top of me so I had
to look for help quickly.
-thanks,
sam
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================