Re: [FW-1] unable to VPN after removing old internet line

Subject:	Re: [FW-1] unable to VPN after removing old internet line
From:	CP Mailing List <CPMailingList AT SECURITYFRONTIER DOT COM>
To:	FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date:	Tue, 21 Dec 2004 22:38:15 -0600

Dennis Pham wrote:

Hello everyone,

I have CheckPoint NG with AI R55 and it used to be on a DSL line with one
public IP address. I was able to VPN into the internal network and
everything worked fine. My T1 finally arrived and I switched everything over
to the T1 IP address and my site to site VPN is working fine but I can't
seem to do a client to site VPN. I will get an error that it is unable to
communicate with the gateway everytime I try to VPN into my network from
home with my laptop. I have checked the policy and the IP configuration and
the routes and everything seems fine. So what I did to test the VPN was to
connect the old DSL line back into the firewall along with the T1 and when I
got home I was able to connect via VPN. But when I check the SecurClient I
see that it is connected to the IP address from the T1. Is it somehow trying
to authenicate using the old DSL IP address? Is there a file or cache
somewhere that is holding the old DSL IP address? Or is there another
solution? Any help would be appreciated.

thanks in advanced,
Dennis

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================

It's a common misconception that you won't have to recreate a site when
your ip address changes on the firewall.  When you setup SR/SC with a
domain name <yourdomain.com>, it immediates resolves that name and uses
the IP.  It doesn't resolve the name ever again, instead uses the IP
address of the resolved name when the site is created.  Recreating the
site should resolve your issue.

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================

<Prev in Thread]	Current Thread	[Next in Thread>
[FW-1] unable to VPN after removing old internet line, Dennis Pham Re: [FW-1] unable to VPN after removing old internet line, Ray Re: [FW-1] unable to VPN after removing old internet line, Dennis Pham Re: [FW-1] unable to VPN after removing old internet line, Ray Re: [FW-1] unable to VPN after removing old internet line, CP Mailing List <=

Previous by Date:	Re: [FW-1] HFA's for R55, RoNNY Nussbaum
Next by Date:	[FW-1] Secure Client r56 and 3des, Robert Fowler
Previous by Thread:	Re: [FW-1] unable to VPN after removing old internet line, Ray
Next by Thread:	[FW-1] Secure Client r56 and 3des, Robert Fowler
Indexes:	[Date] [Thread] [Top] [All Lists]