
[FW1] SecuRemote IPIP problem




Hi!

Win95, SecuRemote 4005, FWZ1 / Checkpoint 4.0/SP2 Solarisx86

Our SecuRemote clients connect to the central site through different
Internet providers. The following tcpdump on the FW (ws1) is a correct
communication with Provider A:

line169.providerA.net -> ws1          UDP D=259 S=259 LEN=801
         ws1 -> line169.providerA.net IP  D=194.183.152.169 S=193.170.42.1 LEN=492, ID=34577
         ws1 -> line169.providerA.net IP  D=194.183.152.169 S=193.170.42.1 LEN=121, ID=34578
line169.providerA.net -> ws1          IP  D=193.170.42.1 S=194.183.152.169 LEN=65, ID=62977
         ws1 -> line169.providerA.net IP  D=194.183.152.169 S=193.170.42.1 LEN=65, ID=737
line169.providerA.net -> ws1          IP  D=193.170.42.1 S=194.183.152.169 LEN=121, ID=64257

First - UDP - authentication, then ws1 sends IPIP packets (protocol Nr 94)
- on the client "User successfully authenticated...." appears and SecuRemote
answers with IPIP packets... That's OK!


But now the problem: the same configuration with Provider B

line111.providerB.net -> ws1          UDP D=259 S=259 LEN=801
         ws1 -> line111.providerB.net IP  D=195.3.76.65 S=193.170.42.1 LEN=492, ID=53039
         ws1 -> line111.providerB.net IP  D=195.3.76.65 S=193.170.42.1 LEN=121, ID=53040
         ws1 -> line111.providerB.net IP  D=195.3.76.65 S=193.170.42.1 LEN=492, ID=53041
         ws1 -> line111.providerB.net IP  D=195.3.76.65 S=193.170.42.1 LEN=492, ID=53042
and so on....

On the client the "User successfully authenticated..." appears - but then -
the client does not answer the IPIP packets. The FW keeps sending the
"LEN=492" packets... -> no communication can occur.

The "Site Update" worked fine. We are using FWZ1. There is no NAT on the
used ways...
Provider B tells us that he has no filters and no access-lists and no NAT on
his routers...

What else could this be?

Christoph Maerk
christoph.maerk@cnv.at
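
The comparison made in the message above, as an added example that is not part of the original post: a short Python script that parses both captures (copied from the post, with the mail line wraps undone) and reports whether encapsulated packets flow in both directions after the UDP 259 exchange. Treating every line labelled "IP" as a tunnel packet and "ws1" as the gateway follows the post's own reading of the trace; the function names are made up for this example.

```python
import re

# Both captures are copied from the post above, with the mail line wraps undone.
TRACE_A = """\
line169.providerA.net -> ws1          UDP D=259 S=259 LEN=801
         ws1 -> line169.providerA.net IP  D=194.183.152.169 S=193.170.42.1 LEN=492, ID=34577
         ws1 -> line169.providerA.net IP  D=194.183.152.169 S=193.170.42.1 LEN=121, ID=34578
line169.providerA.net -> ws1          IP  D=193.170.42.1 S=194.183.152.169 LEN=65, ID=62977
         ws1 -> line169.providerA.net IP  D=194.183.152.169 S=193.170.42.1 LEN=65, ID=737
line169.providerA.net -> ws1          IP  D=193.170.42.1 S=194.183.152.169 LEN=121, ID=64257
"""
TRACE_B = """\
line111.providerB.net -> ws1          UDP D=259 S=259 LEN=801
         ws1 -> line111.providerB.net IP  D=195.3.76.65 S=193.170.42.1 LEN=492, ID=53039
         ws1 -> line111.providerB.net IP  D=195.3.76.65 S=193.170.42.1 LEN=121, ID=53040
         ws1 -> line111.providerB.net IP  D=195.3.76.65 S=193.170.42.1 LEN=492, ID=53041
         ws1 -> line111.providerB.net IP  D=195.3.76.65 S=193.170.42.1 LEN=492, ID=53042
"""

PKT = re.compile(r"^\s*(\S+) -> (\S+)\s+(UDP|IP)\s+D=(\S+) S=(\S+) LEN=(\d+)")

def analyze(trace, gateway="ws1"):
    """Summarize one capture: key exchange seen, tunnel packets per direction."""
    r = {"udp259": False, "out": 0, "in": 0, "out_lens": []}
    for line in trace.splitlines():
        m = PKT.match(line)
        if not m:
            continue  # anything that is not a packet line is skipped
        src, _dst, proto, d, s, length = m.groups()
        if proto == "UDP":
            r["udp259"] |= (d == "259" and s == "259")
        elif src == gateway:          # encapsulated packet sent by the firewall
            r["out"] += 1
            r["out_lens"].append(int(length))
        else:                         # encapsulated packet coming back from the client
            r["in"] += 1
    return r

def verdict(r):
    """Classify the flow the way the post reasons about it."""
    if r["udp259"] and r["out"] and not r["in"]:
        return "one-way: gateway sends encapsulated packets, client never replies"
    if r["out"] and r["in"]:
        return "two-way: encapsulated traffic flows in both directions"
    return "inconclusive"

if __name__ == "__main__":
    for name, t in (("Provider A", TRACE_A), ("Provider B", TRACE_B)):
        print(name, analyze(t), verdict(analyze(t)))
```

The result only shows that nothing encapsulated comes back on the firewall's interface; it does not show where on the path the packets stop.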


