[vpn] [fw1-wizards] SecureClient and Supernetting

BassetSE at bankofbermuda.com BassetSE at bankofbermuda.com
Thu Sep 6 07:02:06 EDT 2001


Good morning folks,

Let me apologise in advance if this sounds like a bunch of garbage, I blame
it on the "confusion factor" 

Anyway I've got a weird problem that I'm hoping you guys can assist me with.
I'm using a Nokia IP330,which is running IPSO dasher 3.4-FCS4A releng 767
06.26.2001-235900 i386 Check Point VPN-1(TM) & FireWall-1(R) Version 4.1
Build 41864 [VPN + DES + STRONG],also cpsuite-eval-3des-v41 cprs:5.0:rs5
cprs:5.0:ss cpsuite-eval-3des-v41 cprs:5.0:rs5 cprs:5.0:ss. I'm
using the VPN1 SecureClient Version 4.1 SP-4 3DES Build number:4185.

Now my problem:

I successfully created an encryption domain using a single class C address.
I dialled in and was able to build a VPN tunnel + ping and telnet to
anything in my encryption domain (the SecureClient key was flicking nicely)
everything was working fine. I then tried to ping outside of the enc domain
obviously without success which confirmed everything was working correctly.
Then I decided to create an enc supernet (e.g. 64 contiguous Class C
networks) domain for our entire network, I then downloaded the policy,
killed the SecureClient/restarted the client, delete/re-created the site
(all successfully I think) BUT when I tried to ping to anything in the enc
domain including the original one that worked before supernetting I receive
a "request timed out" at the same time I notice the SecureClient icon
flickering which I'm assuming indicates a secure VPN connection.  Once I
stop the ping it stops flickering


Since it refuses to work I decided to regress back to the single enc class C
address (which worked before) but unfortunately I'm still experiencing the
same problem.

Can anyone lead me in the right direction so I can get this thing working
correctly or is there an known issues with Check Point and or Nokia when
creating a single enc domain with a supernetted network.

regards,
Stuart







**********************************************************************
This message and any files transmitted with it are confidential and
may be privileged and/or subject to the provisions of privacy legislation.
They are intended solely for the use of the individual or entity to whom they
are addressed. If the reader of this message is not the intended recipient, 
please notify the sender immediately and then delete this message.
You are notified that reliance on, disclosure of, distribution or copying
of this message is prohibited.

Bank of Bermuda
**********************************************************************

VPN is sponsored by SecurityFocus.com





More information about the VPN mailing list