Re: [FW-1] Securemote/secureclient connected successfully but can't accs

Subject:	Re: [FW-1] Securemote/secureclient connected successfully but can't accss internal resource
From:	Clive Luk <clive AT SL.NSW.GOV DOT AU>
To:	FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date:	Wed, 27 Dec 2006 17:23:58 +1100

Thanks for your quick response during xmas break.

Yeah! I got it to work! Thanks for your reply. It was and IP conflict. The
CP sync network was the same as my home network IP. Once I have changed it.
It works like charm!

Thank you very much for your advice and help.

Wish you have a great new year. Also to all CP administrators!

-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of Sergio
Alvarez
Sent: Wednesday, 27 December 2006 3:10 PM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: Re: [FW-1] Securemote/secureclient connected successfully but can't
accss internal resource

I guess it would be better if you give us a little more detail on this.
Because of the way you have explained the scenario, sounds to me like you
are talking about Remote Access VPN using SecurID for user authentication
(please let me know if I'm wrong), assuming that...

When you say that you were able to get connected successfully, I'm guessing
the authentication went through with no problems, but do you actually see
the messages on your client saying your user got authenticated? If so, I
believe we can safely discard any issues related with the RSA/SecurID setup.

Moving to the next step, what do you see on the SmartView Tracker when you
try to  reach anything on the LAN behind the FW?
How did you configure your rulebase regarding this connections?
If everything looks ok at this point... Have you checked for possible
routing issues once the packets are decrypted and sent to the LAN? If there
is a problem with conflicting private networks, IP Pool NAT can help you, or
even better you can use Office Mode, but for that you would need Secure
Client instead of SecuRemote (which requires an extra license)

Hope all this helps.

Regards

On 12/26/06, Clive Luk <clive AT sl.nsw.gov DOT au> wrote:
>
> Hi all,
>
> I hope someone can help me out here.
>
> I have try everything I could.
>
> I have newly setup a cluster NGX R60 firewall with RSA authentication
> manager with SecurID working. They all running on Solaris 9.
>
> I have also tested the connection from my home to the cluster FW. I have
> connected successfully. However, my issue is I can't access any internal
> resources. I can't get into the intranet or to ping any internal servers.
>
> Please help. I have tried everything. Any expert would kindly give me some
> tips it would be good start of 2007 for me!
>
> Thanks in advance!
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-owner AT ts.checkpoint DOT com
> =================================================
>

-- 
Sergio Alvarez
(506)8301342

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================

<Prev in Thread]	Current Thread	[Next in Thread>
[FW-1] Securemote/secureclient connected successfully but can't accss internal resource, Clive Luk Re: [FW-1] Securemote/secureclient connected successfully but can't accss internal resource, Sergio Alvarez Re: [FW-1] Securemote/secureclient connected successfully but can't accss internal resource, Clive Luk <= Re: [FW-1] Securemote/secureclient connected successfully but can't accss internal resource, Sergio Alvarez

Previous by Date:	Re: [FW-1] Securemote/secureclient connected successfully but can't accss internal resource, Sergio Alvarez
Next by Date:	Re: [FW-1] alteon switched firewall and antivirus, pkc_mls
Previous by Thread:	Re: [FW-1] Securemote/secureclient connected successfully but can't accss internal resource, Sergio Alvarez
Next by Thread:	Re: [FW-1] Securemote/secureclient connected successfully but can't accss internal resource, Sergio Alvarez
Indexes:	[Date] [Thread] [Top] [All Lists]