Topic: Connecting to Unix server at work running Checkpoint 1 Firew

[Shane]

I am running an 4.1.2 E-Smith server at home, connected to a cable modem.  I am running Win2K on a laptop and have installed the newest Checkpoint vpn client.  I am trying to connect to a Unix server at work running Checkpoint 1 Firewall.  I was able to accomplish this fine with the older version of E-Smith, but I have replaced the server machine, and installed the newest version of E-Smith to use the extra available features.  I can connect fine with my laptop connected directly to the cable modem bypassing the E-Smith server.  Can anyone help me configure E-Smith 4.1.2 to act like E-Smith 4.0 regarding vpn?

[blakeh]

I'm looking for a solution to this also.  I'm faced with basically putting in a linksys router which is supposed to work fine with checkpoints client and not using esmith for my firewall.

I have tried the info at www.phoneboy.com regarding ipchains, but still no luck.

[Mike]

Have you looked at this How-To:

http://students.ou.edu/W/Christopher.A.Worthington-1/e-smith/ipsec/

I had similar configuration issue, but resolved with is update.  Hope it helps.

Mike

[Blake H]

Were you using securemote on client pcs trying to connect to a checkpoint firewall?

[Mike]

I am not using Checkpoint, but Raptor.  Raptor has it's own software to create tunnel (Raptor Mobile).  Essentially I create tunnel to firewall through e-smith server, then use VNC to connect to workstation/server on network.  The principal should be the same.  So...

Home PC <--> E-smith  <--> Internet  <--> Firewall  <-->  Server

Installed update.  Then E-smith manager gives VPN option under 'Security' heading.  Add VPN connection information.  Connect.  

I hope that helps.

Mike

[Shane]

Which update?  I am surveying this link now for an update.
http://www.e-smith.org/contrib/rpm-index/RPM_by_rpm_group-Networking.html Please let me know if I'm in the right place.

[Shane]

I am using Check Point VPN-1 SecureClient 4.1 SP4.  Someone at work told me I need to go back to SP2, so I am trying this now.

[Mike]

I am not familiar with the update you reference.  Please review this update:

http://students.ou.edu/W/Christopher.A.Worthington-1/e-smith/ipsec/.

It is also in the how-to page (http://www.e-smith.org/cgi-bin/contrib.cgi)

under category 'Virtual Private Networks'.

[Greg DePasse]

I had a similar problem using a Cisco IPSEC client and NAT.  The problem had to be resolved at the VPN server side by specifying a specific port to use.  

I read IPSEC uses random ports to set up and receive the session (sounds similar to FTP), so when my laptop made an outgoing request on one port, the response came back on another port and the NAT box dropped it.  Once my IT group specified a single port to use, the problem was resolved.  Another way to resolve it would be to have all external traffic forwarded to your laptop, but I don't know how to do that on e-smith.

Hope this helps,
Greg