Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Internet Connection Sharing-securemote client to Checkpoint1 Firewall

Status
Not open for further replies.
dmna007

dmna007

MIS
Dec 11, 2002
56
GB
Hi Everyone.

Have set up a network at home with a pc plugged into the adsl set up as a ICS server so the other systems (all windows 2000) can access the internet.

This side of things works fine with all systems able to connect to the web.

I am trying to connect to my works vpn via a system on the home network going through the ICS server but cannot connect.

When I am plugged in directly to the adsl I CAN connect to the vpn without a problem, but when using ICS this doesnt work.

Is there any reason why this would be the case, I didnt think ICS did any packet filtering unless you specified it to?

Can anyone be of any help?

Thanks, Damien
 
Sort by date Sort by votes
Hi does anyone know why i am having these problems using ICS?

Thanks

Damien
 
Upvote 0 Downvote
When you are using ICS I assume you have NAT enabled to create a home network. Does this home network's subnet coincide with a subnet on on your business side? If so, you'll need to assign your home network a completely different subnet.

Also NAT can break IPSEC protocol often used with VPN. You will need to use ESP with IPSEC to make this work right behind a NATed device. Ask your Network guys what you are doing with your Securemote.

When you are plugged directly into your ADSL line and can get the VPN to work, chances are your PC gets the public IP address and no NAT is taking place. This is why you work in thsi scenario.
 
Upvote 0 Downvote
Hi Belushi thanks for your responce.

How can NAT be enabled on ICS, is this a registry key or a change of the securemote ini file?

The subnet masks are completely different for the home network and work networks so i dont think this will cause a problem.

We are also using fwz encryption should this make a difference?
 
Upvote 0 Downvote
I'm not too farmiliar with ICS because I have always preferred the router solution instead.

When you use ICS, does your host PC (the one directly attached to the broadband modem) act as a DHCP server and dish out IP addresses to the other PCs or is some other scheme used?

I use IKE with Securemote. I seem to remember a lot of people having issues with FWZ. You'll need your network guys to make sure you are both using the same ecryption shemes. I believe FWZ is proprietary to Checkpoint where as IKE is an industry standard.
 
Upvote 0 Downvote
Thanks Belushi.

Does anyone know any switches, setting or registry keys for ICS to enable/modify NAT settings or IP encapsulation?

We are using static IP addresses on all of our hosts but can try dhcp but not sure this will make a difference?

Are there any products for internet connection sharing/proxies that will definately work with secure remote for all home users?

Thanks, Damien.

 
Upvote 0 Downvote
Hi Guys, anyone know about enabling NAT using windows 2000 internet connection sharing?

Thanks

Damien
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

MP2023
  • Locked
  • Question
How to Create an site to site VPN
Replies
1
Views
463
sircles
sircles
F
  • Locked
  • Solved
some IP Phone not working over site-to-site OpenVPN, packets modified on other side of tunnel
Replies
1
Views
2K
FrankSider12
F
RogerRuntings
  • Locked
  • Question
VPN at Head Office to allow agents working from home to communicate (VOIP) with an external dialer
Replies
3
Views
867
iggsterman
iggsterman
Randy_F
  • Locked
  • Question
Need to connect to a VPN on startup... how to run a script that will automatically reconnect
Replies
0
Views
388
Randy_F
Randy_F
gpx123
  • Locked
  • Question
PPTP VPN no internet on 7 yes internet on XP
Replies
1
Views
145
rportillo07
rportillo07

Part and Inventory Search

Sponsor

Back
Top