Firewall-1

Re: [FW-1] Hub Mode

Subject: Re: [FW-1] Hub Mode
From: Ray <sixsigma44 AT HOTMAIL DOT COM>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Wed, 22 Sep 2004 16:31:16 -0400

Hi Lyle,

What does a traceroute to the 10 networks from a dial-up client show?

You are using SecureClient and you do have Hub Mode enabled on the client
and on the firewall (allow SecureClient to route through this gateway),
don't you?

Do you have desktop policy rules in place to allow the traffic?

Does the firewall have a route so it knows what to do with the 10. network
traffic?

Ray

From: Lyle Dove <ldove AT BIZLA.RR DOT COM>
Reply-To: Mailing list for discussion of Firewall-1
<FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: [FW-1] Hub Mode
Date: Wed, 22 Sep 2004 11:40:50 -0700

Hello all,

I'm having some trouble getting this to work correctly.  Hopefully, I'll
explain my situation correctly.

My setup consists of a FW that resides inside a particular AS cloud.  A
cable modem network to be specific.  In this AS cloud, we have 10.x.x.x
space that is routable only within this cloud, and obviously, not out past
our edge routers. We also have public IP space which is routed normally.
My FW resides within this AS cloud, and as such, I can access both the
10.x.x.x IP space, and the public space as expected.  Now, if I am outside
this AS cloud, let's say on dialup, but I want to access those 10-nets, I
would need to VPN to my FW, and have it route any traffic destined for
10.x.x.x through that VPN tunnel.  It appears that when I connect, the FW is
pulling the traffic through the tunnel, but it terminates at the FW, and
doesn't go anywhere from there.  To me, it appears that the VPN tunnel
portion is working correctly, but I need it to route it back out the
External interface so through the VPN tunnel, I can access the 10.x.x.x
IPs.  The VPN tunnel connects at the FW's external interface as well.

I currently have the FW set up with the Allow Hub Mode checked, and have
defined the IPs that should be in the VPN domain already and manually
defined under the topology on the FW Module.

Here's a basic diagram.

                          (cloud) AS12345
                     |-----------------------|
                     |                       |
                     | 10-net/public IP's    |
                     |      |                |
Dialup----*VPN*------|---------FW            |
                     |                       |
                     |-----------------------|


Hope this makes sense.  Please advise if you need further information.

Thanks!!

--------
Beep! Beep!

Lyle Dove
BPS Senior Technician
Time Warner Cable - Los Angeles Division

"The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential, proprietary, and/or
privileged material. Any review, retransmission, dissemination or other use
of, or taking of any action in reliance upon, this information by persons
or entities other than the intended recipient is prohibited. If you received
this in error, please contact the sender and delete the material from all
computers."

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
