Can someone tell me how to configure ISA 2004 (SP2) to allow outbound access for CheckPoint SecuRemote client from my Internal Network?
I have searched around the forum, but can't seem to find something to make it work. I tried to create the following Access Rule:
Action: Allow
Protocols: All Outbound Traffic
From/Listener: All Networks
To: All Networks
Condition: All Users
Still no luck with the above rule. I am able to authenticate to the CheckPoint VPN Server, but am unable to access/ping any server on the remote site. Is there anything besides the access rule that I need to configure for this to work properly?
Client = SecureNAT CheckPoint version = NG with Intelligence (R55) build 082
Explain a little more as to what is happening with the remote client.
Are you trying to make the initial connection?
Have you connected once and received your key from the Checkpoint server?
I had similar issues using a Sonicwall. I had to make a limited-use rule that allowed the traffic from the Checkpoint firewall back inside my network; once the SecuRemote got its first-time handshake (key) I could close off the rule, and we could continue to make the connection. When you first install the client it hits the server and asks for a security check; this is sent back to the client, and it is at this point that my Sonicwall was blocking the traffic.
I do not know what protocol it uses, IKE? But the access rule I created should open up all connections, just for testing purposes. So I assume it will work with whatever protocol it uses.
Or where do I go about looking for the protocol it uses, other than performing a Network Monitor capture?
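One place to look, short of a packet capture, is the firewall's own log: ISA Server 2004 writes its firewall log in W3C extended format, and a denied line there names the protocol, the destination port and the rule that rejected the packet. The script below is an added example, not code from the thread or from Microsoft; it reads the `#Fields:` header of a W3C-style log and summarizes denied connections per client. The column names (client-ip, dest-ip, protocol, dest-port, action, rule) are assumed and may not match ISA's real header, so adjust them to whatever your log file declares. The sample log is constructed: it shows IKE (UDP 500) allowed while ESP, which is IP protocol 50 rather than a TCP/UDP port, is denied, the pattern that would match "authentication works, nothing passes afterwards".

```python
"""Summarize denied connections in a W3C extended firewall log.

Added example, not from the forum thread. Assumes a '#Fields:' header that
names at least: client-ip, dest-ip, protocol, dest-port, action, rule.
Those names are an assumption; match them to your own log's header.
"""
from collections import Counter

# Constructed sample log (not a real ISA 2004 capture). 192.168.1.50 is the
# SecureNAT client, 203.0.113.10 a placeholder for the remote VPN gateway.
SAMPLE_LOG = """\
#Software: constructed sample
#Fields: date time client-ip dest-ip protocol dest-port action rule
2006-03-01 10:00:01 192.168.1.50 203.0.113.10 UDP 500 Allowed AllowAllOutbound
2006-03-01 10:00:02 192.168.1.50 203.0.113.10 UDP 500 Allowed AllowAllOutbound
2006-03-01 10:00:03 192.168.1.50 203.0.113.10 TCP 264 Allowed AllowAllOutbound
2006-03-01 10:00:05 192.168.1.50 203.0.113.10 ESP - Denied DefaultRule
2006-03-01 10:00:06 192.168.1.50 203.0.113.10 ESP - Denied DefaultRule
2006-03-01 10:00:07 192.168.1.50 203.0.113.10 ESP - Denied DefaultRule
2006-03-01 10:00:09 192.168.1.60 198.51.100.5 TCP 80 Allowed AllowAllOutbound
"""


def parse_w3c(text):
    """Return a list of dicts, one per data line, keyed by the #Fields names."""
    fields = None
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
            continue
        if line.startswith("#"):          # other directives (#Software, #Date, ...)
            continue
        if fields is None:
            raise ValueError("data line appears before the #Fields header")
        # ISA writes tab-separated W3C logs; the sample uses spaces.
        values = line.split("\t") if "\t" in line else line.split()
        if len(values) != len(fields):
            raise ValueError(f"field count mismatch on line: {line!r}")
        records.append(dict(zip(fields, values)))
    return records


def denied_summary(records, client_ip=None):
    """Count denied lines by (protocol, dest-port, dest-ip, rule).

    With client_ip given, only that client's lines are counted, which is the
    view you want when one SecureNAT host cannot reach the remote site.
    """
    counts = Counter()
    for rec in records:
        if rec["action"].lower() != "denied":
            continue
        if client_ip and rec["client-ip"] != client_ip:
            continue
        counts[(rec["protocol"], rec["dest-port"], rec["dest-ip"], rec["rule"])] += 1
    return counts


def non_tcp_udp_denied(records):
    """Protocols denied that are neither TCP nor UDP (e.g. ESP, GRE).

    These have no port, so a port-based search misses them; they are the
    usual suspects when a VPN authenticates but carries no traffic.
    """
    return sorted({rec["protocol"] for rec in records
                   if rec["action"].lower() == "denied"
                   and rec["protocol"].upper() not in ("TCP", "UDP")})


def report(text, client_ip):
    """Print a short per-client denial report and return the summary."""
    records = parse_w3c(text)
    summary = denied_summary(records, client_ip)
    print(f"Denied connections from {client_ip}:")
    for (proto, port, dest, rule), n in summary.most_common():
        print(f"  {n:3d} x {proto:>4} port {port:<5} -> {dest}  (rule: {rule})")
    print("Non-TCP/UDP protocols denied:", ", ".join(non_tcp_udp_denied(records)) or "none")
    return summary


if __name__ == "__main__":
    report(SAMPLE_LOG, "192.168.1.50")
```

Run it against your real log instead of `SAMPLE_LOG` (and fix the field names to match its header); the rule column tells you whether the denial came from your "All Outbound Traffic" rule or from the default deny, which narrows the problem to the rule set or to something outside it.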
quote:
ORIGINAL: EQNish
Explain a little more as to what is happening with the remote client.
Are you trying to make the initial connection?
Have you connected once and received your key from the Checkpoint server?
I had similar issues using a Sonicwall. I had to make a limited-use rule that allowed the traffic from the Checkpoint firewall back inside my network; once the SecuRemote got its first-time handshake (key) I could close off the rule, and we could continue to make the connection. When you first install the client it hits the server and asks for a security check; this is sent back to the client, and it is at this point that my Sonicwall was blocking the traffic.
I think it already passed the stage of the handshake, since I got authenticated. If the handshake were blocked, I would sometimes get "Failed to communicate with CheckPoint Server."
And what I don't get is why is it blocking any traffic when I opened up all ports from all networks to all networks.
I figured out the problem. Initially, I configured a PPPoE connection on the ISA Server following the instructions in the article http://support.microsoft.com/default.aspx?scid=kb;en-us;837830. With this setup the external NIC did not obtain a public IP from the ISP; instead, the IP is assigned to the virtual PPPoE adapter.
I reconfigured my DSL modem to dial out using PPPoE and set ISA's external NIC to obtain an IP automatically (refer to Tom Shinder's section on DHCP Spoof Attack Prevention if you encounter problems obtaining a DHCP address), and it worked.
Maybe someone can clarify this for me. :) My terminology and understanding is limited. All I know is that this works for me.
When I plug my VPN client directly into one of the internal ports of the router, the VPN connection to the remote Check Point server is established and works well. If I want to connect through the ISA 2004 there is a failure. (All outbound traffic is enabled.)
In ISA Server I tried to set the network relationship between the internal and external network to route. Everything else worked well, but not the VPN.