Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

VPN Working on Safe@Office..But can't access internal NT machine 1

Status
Not open for further replies.

chunky28

Technical User
Apr 14, 2003
121
GB
Hi,

I have successfully configured our Safe@Office 110 appliance and have just setup VPN (using SecureClient).

I can access all workstations on my internal network using their private IP address (e.g. 192.168.2.11) but I can't access a workstation running Windows NT 4.0. All the other machines run Windows 2000 and I can access these without a problem.

Are there internet security settings I need to look at on the NT machine? or is there something else I might be doing wrong?

I have checked the IP and it is correct.

In fact I can access the machine using:

- this accesses the Oracle HTTP homepage running on this machine.

BUT I can't access the different drives!!

Any help or suggestions would be most appreciated!!

Thanks

Charlie
 
Chunky, could you please describe the setup procedure for settting up a safe@office appliance.

I have a safe@office 110. I have setup the appliance and can connect to it from the outside world via web interface. But not sure how to connect to the nodes on the internal network. Do I use SecureRemote or SecureClient???

thanks
 
Falco

I used SecureClient.

Once installed:

You basically need to open the CheckPoint Client and select Site > Create New...

Then create a site with the IP address of your Safe@Office appliance (external WAN address)

You should then be prompted for your username and password which you should have setup in the firewall GUI under Users.

This may come back with an error message....I had problems creating the site and had to create it while physically connected to the network.

Once the site is setup you should be able to access the various PC’s using their private IP addresses.

Hope this Helps
 
oh yeah I use a Netgear router between the Safe@Office appliance and connection.

So the IP address of the site I created in SecureClient is in fact the IP address of my router and not the Safe@Office appliance as I said in the last post.

I then had to setup port forwarding on the router so requests on port 500, 256 and 264 are forwarded to the WAN IP address of the Safe@Office appliance.

Hope this helps

Chunky
 
Chunky, thanks for your help so far...I am going to tell you how I have the office setup and see if this is going to work

Here is my setup:

T1 Line going into the Checkpoint safe@office 110 appliance. The safe@office appliance has a real internet IP address of 66.138.103.11 and a LAN ip address on the same subnet as the internal network of 10.0.0.79.

The internal network IP address range are 10.0.0.XXX.

I can remote into the VPN appliance from outside the network via SecureClient without any problems. I can then do an update. I can also ping the LAN ip address of the VPN appliance which is 10.0.0.79 without any problems.
But I cannot ping any of the other internal nodes inside the made up network.

Does SecureClient need to be running on the internal nodes also??? Do they need to be connected to the appliance from inside???

thanks
Jason Falco
 
mmm not sure what the problem could be. I'm very new to all this too but I have configured successfully.

However I am still unable to access the drives of the NT machine (as explained when I opened the thread).

I'll look into this and update the thread if I find any answers.

I assume you have no old firewall software running on the nodes. I experienced problems in the past when Norton Personal Firewall was still installed on the internal machines. The firewall was disabled on each but it still caused problems. Once I removed it I could ping and access the nodes on the LAN.

This is how my network is setup. It might help:

Internet
|
|
Router 193.xxx.xxx.225
Subnet 255.255.255.240
|
|
Hub/Switch
|
|
193.xxx.xxx.231
Subnet 255.255.255.240

FireWall/VPN (Safe@Office 110)

192.168.1.1
Subnet 255.255.0.0
|
|
|
Hub/Switch - - - - 192.168.2.1
192.168.2.2
192.168.2.3
192.168.2.4
192.168.2.5
192.168.2.6
192.168.2.7 etc.
(all subnet 255.255.0.0)

Hope this makes sense.

Charlie
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top