Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 1 subscriber
  • Views 1574 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Can't connect with SecuRemote

Leon
Hi,
I'm trying to connect one pc in my internal network to a FW-1 VPN using SecuRemote, there is an ASL 3.214 in my network.
The autentication with FW-1 succeed, but the comunication with internal hosts fails.
Any idea?
Help me please
Thank you
  


This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to Andy_01
    Ok, the simplified topology is as folow

    PC w/securemote---ASL---internet--CP---Remote Lan

    All of my internal pcs access internet using ASL in MASQ mode, I try to connect in this way and fails, I configure the SecuRemote address pc with a SNAT rule using a valid address and it access internet fine but in both case I can autenticate with CP but I can't see the remote lan.
    Thanks

    Leon
  • 0 in reply to Leon
    You probably forgot to DNAT to your internal PC for the returning AH/ESP packers (IP types 51/52). No, encrypted traffic never was designed with NAT (worde: MASQ NAT) in mind, so this always is a PITA.
  • 0 in reply to vtanger
    I am pretty sure that won't work behind NAT!

    btw vtanger, ESP is IP porotocol 50

    read you
    o|iver
     
     [size="1"][ 24 January 2003, 11:49: Message edited by: oliver.desch ][/size]
  • 0 in reply to oliver.desch
    Yes, you're absolutely right - small glitch in my memory.

    Though I've never seen a successful VPN through NAT I've heard that someone had made it working with 1:1 NAT in some way. Sorry, don't know details...
Cookie Information Banner