Firewall-1

[FW-1] Réf. : Re: [FW-1] SecureRemote with Windows ICS

Subject: [FW-1] Réf. : Re: [FW-1] SecureRemote with Windows ICS
From: Bertrand KLOTZ <bklotz AT GFI DOT FR>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Tue, 26 Oct 2004 18:20:03 +0200


Thanks for your answer.
I am trying to use a Windows XP station with an Eicon Diva ADSL USB modem (with no
filtering options) as a gateway.
If I enable ICF, I see in pfirewall.log that ESP (IP 50) is dropped. I don't know
why or how to allow it.
It also doesn't work if I disable ICF.

Any idea?
Thanks
Bertrand





GoddardM AT SCHNEIDER DOT COM on 21-10-2004 15:34:15

Please respond to Mailing list for discussion of Firewall-1
      <FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM>

To:    FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
cc:   (bcc: Bertrand KLOTZ/DE3I/GFI/fr)

Subject:   Re: [FW-1] SecureRemote with Windows ICS



=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
How do you have your routers set up? For example, on my wireless router, I
have to add IPSec passthrough (which is default anyway). PPTP and other
tunneling options are also there... this is something you may want to
check. But it works fine for me. It even worked fine when I used dial-up
ICS! (And yes, it was crappy and slower than you can imagine..)
Also make sure the ICF is allowing the proper ports for IKE, etc. (UDP 500,
for example). Or if you can, turn it off... mine is off; I figure the NAT I
am doing is pretty good protection as well as a general lock-down of my
home system.
If I remember right, there might also be some options to allow IPSec or IKE
passthrough over the ICS. Make sure these are allowed... this is the one I
am not positive on; I would have to be looking at my router's config.

Good luck.


Regards,
Matt Goddard
Security Information Team
Schneider National
920-592-4787
goddardm AT schneider DOT com



Bertrand KLOTZ <bklotz AT GFI DOT FR>
Sent by: Mailing list for discussion of Firewall-1 <FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM>
10/21/2004 03:19 AM
Please respond to Mailing list for discussion of Firewall-1

To:       FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
cc:
Subject:  [FW-1] SecureRemote with Windows ICS





Hi all



Does anyone know if it's possible to use SecuRemote on a LAN behind Windows
2000 or XP ICS/ICF?

If yes, is there something to configure on ICS?

That doesn't work in my tests, and it's OK with various routers (with IKE
over TCP and UDP encapsulation validated).

I don't find anything about this on Checkpoint Secure Knowledge.



Thanks

Bertrand
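
An added example, not part of the original thread: a small Python parser that tallies dropped ESP and IKE records in an ICF pfirewall.log, which is the symptom reported above. The log lines and addresses are constructed, and the AH and UDP 4500 (NAT-T) checks go beyond what the thread mentions.

```python
from collections import Counter

# Constructed sample in the W3C extended format that ICF writes; the
# addresses are documentation ranges, not values from the thread.
SAMPLE_LOG = """\
#Version: 1.0
#Software: Microsoft Internet Connection Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info
2004-10-26 18:01:12 OPEN UDP 192.168.0.10 203.0.113.5 500 500 - - - - - - - -
2004-10-26 18:01:14 DROP 50 203.0.113.5 198.51.100.7 - - 136 - - - - - - -
2004-10-26 18:01:15 DROP 50 203.0.113.5 198.51.100.7 - - 136 - - - - - - -
2004-10-26 18:01:20 DROP TCP 198.51.100.99 198.51.100.7 4312 445 48 S 1163224 0 16384 - - -
2004-10-26 18:01:31 DROP UDP 203.0.113.5 198.51.100.7 500 500 112 - - - - - - -
"""

def classify(rec):
    """Return an IPsec-related label for a parsed record, or None."""
    proto = rec.get("protocol", "").upper()
    ports = {rec.get("src-port"), rec.get("dst-port")}
    if proto in ("50", "ESP"):          # non-TCP/UDP/ICMP is logged by number
        return "ESP (IP protocol 50)"
    if proto in ("51", "AH"):
        return "AH (IP protocol 51)"
    if proto == "UDP" and "500" in ports:
        return "IKE (UDP 500)"
    if proto == "UDP" and "4500" in ports:
        return "NAT-T (UDP 4500)"
    return None

def dropped_ipsec(log_text):
    """Count DROP records per (label, src-ip, dst-ip)."""
    fields, hits = [], Counter()
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]   # column names come from the header
        elif line and not line.startswith("#") and fields:
            rec = dict(zip(fields, line.split()))
            label = classify(rec)
            if rec.get("action") == "DROP" and label:
                hits[(label, rec["src-ip"], rec["dst-ip"])] += 1
    return hits

if __name__ == "__main__":
    for (label, src, dst), n in dropped_ipsec(SAMPLE_LOG).most_common():
        print(f"{n:3d} dropped  {label:22s} {src} -> {dst}")
```

Inbound ESP drops alongside an allowed outbound UDP 500 exchange, as in the sample, indicate that IKE negotiation gets out but the ESP packets coming back are not matched to any NAT mapping or allow rule.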
