On 8/20/05, Ray <sixsigma44 AT hotmail DOT com> wrote:
> I'm using SecureClient R55 HFA04 & NGX in Hub Mode on an R55 gateway. It
> works great. Now I need to add a rule so that clients that are VPNed in can
> access an FTP site on the Internet, something we have never needed before.
> Formerly all resources were in the encryption domain only.
>
> The remote access community rule is OK and the desktop security policy rule
> is OK. SmartView Tracker shows the traffic is being accepted, but the
> connections never work, they just time out. It doesn't matter if I'm using
> FTP, SSH or even ICMP.
>
> Running ipconfig /all on the client shows something odd, though. I'm using
> IP Pools and Office Mode and have xxx.xxx.133.0/24 (a routable address) as
> the Office Mode pool. I routinely see xxx.xxx.133.1 assigned to a remote
> access client as its Office Mode address, but ipconfig /all is showing
> xxx.xxx.133.1 as my default gateway.
>
> Does anyone know if this is something broken in Office Mode & Hub Mode or
> whether it's just a display oddity?
>
Probably you need some sort of NAT to the Office Mode/IP Pool IP
addresses so when the SecureClient connections go to the Internet go
back to the firewall/VPN gateway, so they can as well be routed
properly back through the VPN to the SecureClient machine...
HTH. Best regards.
- Martín.