Checkpoint secureremote with IPMasq


Post by donh.. » Sun, 05 Nov 2000 04:00:00



I'm trying to get a VPN to work with Checkpoint's SecureRemote client.
My ISP uses NAT - presenting a fixed routable address to the Internet
and passing the traffic back to me on a fixed private address over
DSL.  I also have a second dynamic address also on NAT.  At the Linux
box I use IPMasq to pass traffic back to a couple of Windows PCs and
IPChains to hold back the masses.  

When I hook up a laptop to the DSL bridge I can connect over the VPN
using the fixed address or dhcp.  When I try to go through the Linux
box it doesn't work.  I opened the firewall to the appropriate UDP
traffic from work - I even opened the firewall to all traffic from
work.  Still no dice.  I am not aware of any need for port forwarding
any return connections from the VPN server or anything like that - but
I may have missed something there.  Does anyone have any suggestions?

 
 
 


Post by Obiwankenob » Sun, 05 Nov 2000 04:00:00



Hi

To use SR with NAT, it is best to try it with V4.1 SP2; there is a UDP
encapsulation present.

Bye, Obi*enobi

---------------------------------------------------------

Web: http://www.veryComputer.com/

PGP Public Key: http://www.veryComputer.com/*enobi.asc
PGP Key: C280 EC1C 42F0 F838 1AF5  9824 47AA 28DA C96D 9977

May the force be with you !
---------------------------------------------------------


> I'm trying to get a VPN to work with Checkpoint's SecureRemote
> client. My ISP uses NAT - presenting a fixed routable address to
> the Internet and passing the traffic back to me on a fixed private
> address over DSL.  I also have a second dynamic address also on
> NAT.  At the Linux box I use IPMasq to pass traffic back to a
> couple of Windows PCs and IPChains to hold back the masses.

> When I hook up a laptop to the DSL bridge I can connect over the
> VPN using the fixed address or dhcp.  When I try to go through the
> Linux box it doesn't work.  I opened the firewall to the
> appropriate UDP traffic from work - I even opened the firewall to
> all traffic from work.  Still no dice.  I am not aware of any need
> for port forwarding any return connections from the VPN server or
> anything like that - but I may have missed something there.  Does
> anyone have any suggestions?


 
 
 


Post by Cokey de Perci » Mon, 06 Nov 2000 10:23:42



> I'm trying to get a VPN to work with Checkpoint's SecureRemote client.
> My ISP uses NAT - presenting a fixed routable address to the Internet
> and passing the traffic back to me on a fixed private address over
> DSL.  I also have a second dynamic address also on NAT.  At the Linux
> box I use IPMasq to pass traffic back to a couple of Windows PCs and
> IPChains to hold back the masses.

> When I hook up a laptop to the DSL bridge I can connect over the VPN
> using the fixed address or dhcp.  When I try to go through the Linux
> box it doesn't work.  I opened the firewall to the appropriate UDP
> traffic from work - I even opened the firewall to all traffic from
> work.  Still no dice.  I am not aware of any need for port forwarding
> any return connections from the VPN server or anything like that - but
> I may have missed something there.  Does anyone have any suggestions?

If you're trying to run a Windows SecureRemote client behind a Linux firewall,
then you're going to have to patch the kernel as well as open the firewall
on various ports.  This should give you the hints you need.  Also note that
some protocols can NOT be forwarded.  I currently use a Nortel/Bay Networks
SecureRemote client on Win95 within a VMWare session on a Linux server behind
an LRP (Linux Router Project) router/firewall and it works just fine.

ftp://ftp.rubyriver.com/pub/jhardin/masquerade/VPN-howto/VPN-Masquera...

Best

Cokey

--
------------------------------------------------------------------
Cokey de Percin, DBA            Email:


 
 
 

1. Using Checkpoint's SecureRemote through IPCHAINS firewall (VPN)

Has anyone been able to get SecureRemote client to connect through a Linux IPCHAINS firewall?  I have applied the
VPN patch to the kernel and added the necessary ipchains options to my firewall script as laid out in the IPMASQVPN Howto
but I still can get a connection to the VPN server.   Any ideas??

Thanks

==================================
Posted via http://nodevice.com
Linux Programmer's Site
