Hi all,
I'm having problems connecting Checkpoint SecureClient to Checkpoint
firewall enforcement module (nokia IP380). Here is the setup:
(internal ip address a.b.c.d)
|
| VPN
FW1------ (public ip address = x.y.z.w) =========== Router ---- provider-1
(CMA)
||
||
||
||
||
Secure Client
The CheckPoint firewall object has following:
* IP address of the firewall object: f.g.h.q (the ip address defined on the
CMA of the provider-1). Note: this is ip is different than a.b.c.d and
x.y.z.w due to company policy
* topology - external x.y.z.w
- internal a.b.c.d
I use IP pool ( q.w.e.r) for office mode and I've configure a static route
(q.w.e.r routed to x.y.z.w). I've enable IKE over TCP and Accept VPN-1 &
Firewall-1 control connections and Accept VPN-1 & Firewall-1 control Remote
connections are enabled . The error that I got is:
* "tunnel test fail"
* "'Machine is not securely configured. There is no active security policy
on your computer. Please logon to Policy Server to download a policy, or
enable the policy if it is disabled.".
Additionally, no Desktop Security is installed. Plus, if I disconnect and
try to connect again within 1-2 minutes and I'm not able to connect anymore
(I must reboot the client box). The userC.c from Secure Client has the ip
f.g.h.q instead of x.y.z.w. If I modified the value with external ip addres
that almost everything works (except the fact that if 3rd issue with
connection). Therefore, here are my questions:
* How can I force the CheckPoint module to push to the Secure client the
file userC.c with its external ip address?
* Any idea how the re-connection issue can be solved (I disconnect and try
to connect again within 1-2 minutes and I'm not able to connect anymore (I
must reboot the client box)) ?
(I've raised a support call with Checkpoint through my FW suppliers but
as yet still not working)
Any help will highly appreciated,
Mihaela
