Re: Email access over the Internet

From: wing_lam@jossynergy.com
Date: Mon Jun 16 2003 - 22:50:52 GMT-3


Hi, McCallum

Please check first whether your firewall has really activated UDP
encapsulation (check the objects.C file). Check Point uses proprietary UDP
2746 for IPSec encapsulation; the firewall will determine when to use UDP
2746 and when to use ESP by determining whether your source port has changed
before. You do not need to configure it in SecuRemote, but you can also
force it into UDP encapsulation mode by checking the SecuRemote tools ->
Force UDP encapsulation.

You can check whether your CheckPoint responds to UDP 2746 traffic; you can
also connect your SecuRemote client to CheckPoint's testing site to see
whether it succeeds.

Just to share my experience with you: I have implemented CheckPoint several
times with VPN, but the SecuRemote function is really a headache. Some
hidden issues will make it not work, and they cannot be solved other than by
upgrading. For example, if you're on FP2 with the Nokia platform and the VPN
accelerator card is activated, UDP encapsulation will not work but 1:1
translation will still work. I had one project implementing CheckPoint that
lasted for two months just because of troubleshooting SecuRemote behind
broadband sharing, and at last I learned the above. I have a friend who
implemented CheckPoint on the Solaris platform; SecuRemote worked in a PAT
environment for the first few months, and recently it stopped working.

The following two links will be useful for CheckPoint products, although my
last case still hasn't been solved.

www.securepoint.com
www.phoneboy.com

Thx,
BBD (Big Black Dog)

From: "McCallum, Robert" <Robert.McCallum@let-it-be-thus.com>
Sent by: nobody@groupstudy.com
Date: 06/17/2003 03:51 AM
Please respond to: "McCallum, Robert"
To: "'Ccielab' (E-mail)" <ccielab@groupstudy.com>, "Cisco@Groupstudy. Com (E-mail)" <cisco@groupstudy.com>, "Comserv (E-mail)" <comserv@groupstudy.com>, "'security@groupstudy.com'" <security@groupstudy.com>
cc:
Subject: Email access over the Internet

Folks,

I have a problem in my work where for some strange reason I can't access my
email over the Internet from a hotel. The reason for me not being able to
access email is because, oddly enough, the hotel uses NAT. We use
Checkpoint firewalls and I use SecuRemote software. Now I believe it's
something to do with the secure ID token that I use, and when I type this in
there is some form of checksum which is checked at the server end. This of
course has changed due to the NAT going on.

Has anybody out there experienced this as well and know what the simple
solution is? I'm sure there is a simple solution and it's just my company
politics which is causing me the problems.

Any help will be much appreciated.

Robert McCallum CCIE #8757
01415663448
07818002241
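
The reply above suggests checking whether the firewall answers UDP 2746 traffic. The following is an added example, not part of the original thread: it classifies each client in a text packet capture as using UDP 2746 encapsulation with replies, UDP 2746 without replies, or plain ESP. The firewall address, the sample lines and the `tcpdump -n` style IPv4 line format are assumptions made for illustration.

```python
import re
from collections import defaultdict

FIREWALL = "203.0.113.5"  # assumed gateway address (documentation range)
ENCAP_PORT = 2746         # Check Point UDP encapsulation port named in the thread
# Constructed tcpdump -n style lines, not a real capture.
SAMPLE = """\
10:00:01.1 IP 198.51.100.7.61022 > 203.0.113.5.500: isakmp: phase 1 I ident
10:00:02.0 IP 198.51.100.7.61023 > 203.0.113.5.2746: UDP, length 132
10:00:02.1 IP 203.0.113.5.2746 > 198.51.100.7.61023: UDP, length 116
10:00:06.0 IP 192.0.2.44 > 203.0.113.5: ESP(spi=0x0a1b2c3d,seq=0x1), length 116
10:00:07.0 IP 192.0.2.99.40001 > 203.0.113.5.2746: UDP, length 132
"""
LINE = re.compile(r"IP (\S+) > (\S+): (.*)")

def split_endpoint(ep):
    """'a.b.c.d.port' -> (ip, port); 'a.b.c.d' (ESP has no ports) -> (ip, None)."""
    parts = ep.split(".")
    if len(parts) == 5:
        return ".".join(parts[:4]), int(parts[4])
    return ep, None

def verdict(flows):
    """Summarise the (kind, direction) pairs seen for one client."""
    if ("udp2746", "to_fw") in flows:
        ok = ("udp2746", "from_fw") in flows
        return "udp-encapsulation-ok" if ok else "no-reply-on-udp-2746"
    if any(kind == "esp" for kind, _ in flows):
        return "plain-esp"
    return "unknown"

def classify(capture, firewall=FIREWALL):
    """Map each client IP to a verdict about its tunnel traffic with the firewall."""
    seen = defaultdict(set)
    for m in LINE.finditer(capture):
        (src, sport), (dst, dport) = map(split_endpoint, m.group(1, 2))
        if firewall not in (src, dst):
            continue
        to_fw = dst == firewall
        client, fw_port = (src, dport) if to_fw else (dst, sport)
        if m.group(3).startswith("ESP"):
            kind = "esp"
        elif fw_port == ENCAP_PORT:
            kind = "udp2746"
        else:
            continue  # IKE negotiation and other traffic is not tunnel data
        seen[client].add((kind, "to_fw" if to_fw else "from_fw"))
    return {client: verdict(flows) for client, flows in seen.items()}

print(classify(SAMPLE))
```

A `plain-esp` verdict for a client known to be behind PAT means encapsulation was not negotiated; `no-reply-on-udp-2746` points at the firewall side or a filter on the path.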



This archive was generated by hypermail 2.1.4 : Fri Jul 04 2003 - 11:10:59 GMT-3