We were also having similar problem, the servers which were in directly
connected subnets of the Firewall could be accessed but the servers which
were in subnets 2 / 3 hops away from the firewall could not be accessed. We
tried IP pool NAT but it didn't work. So we used manual source NAt.
VPN users IP >>> (Servers not in directly connected subnet) >> (some private
pool) >> (Servers not in directly connected subnet)
Regards,
DC
On 5/23/06, Ray <sixsigma44 AT hotmail DOT com> wrote:
Are they using PPPoE with ADSL? PPPoE adds eight bytes to the packet size
causing fragmentation. The fix is to decrease the MTU on the client to
1492
or less.
The most common symptom of this is the ability to authenticate but not
access anything.
Ray
>From: Shiroma Dassanayake <nilshiro2000 AT YAHOO DOT COM>
>Reply-To: Mailing list for discussion of Firewall-1
><FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM>
>To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
>Subject: [FW-1] secure remote users cannot access target servers in VPN
>domain
>Date: Mon, 22 May 2006 03:35:05 -0700
>
>Dear all
>
> We have secure remote users connecting to servers in our VPN domain.
>However some of our secure remote users are experiencing problems
>connecting to the target servers in the VPN domain. These particular
secure
>remote users are able to download the site and are authenticated as well,
>but, after authentication, are unable to access the target servers in the
>VPN domain.
>
> My VPN domain is configured as a group of network objects that
comprise
>several networks.
>
> Can anyone shed any light on this? Any help would be much
appreciated.
>
> Thanks and regards
> Shiroma
>
>
>---------------------------------
>Sneak preview the all-new Yahoo.com. It's not radically different. Just
>radically better.
>
>=================================================
>To set vacation, Out-Of-Office, or away messages,
>send an email to LISTSERV AT amadeus.us.checkpoint DOT com
>in the BODY of the email add:
>set fw-1-mailinglist nomail
>=================================================
>To unsubscribe from this mailing list,
>please see the instructions at
>http://www.checkpoint.com/services/mailing.html
>=================================================
>If you have any questions on how to change your
>subscription options, email
>fw-1-owner AT ts.checkpoint DOT com
>=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
--
Regards,
dhananjoy
India.
GSM # : 091-9899602123
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
