2006-02-05
dj_berkine
SSL Network Extender problem

Hi all

I have a big problem with SSL Network Extender. Basically, I have a test environment with Check Point NG R55 HF12. The enforcement module and the SmartCenter are on the same machine.

I did all the setup required to run SSL NE (visitor mode, office mode, user access...) and I connect successfully to the gateway.
The problem appears after the authentication and the creation of the virtual interface. When I try to ping a host behind the gateway, I can see the encrypted packet sent to the gateway, and then the gateway decrypts it and sends it to the final host, but there is no reply; my packet never comes back. I'm almost sure it's a routing problem, but everything looks normal.
Here is a windump done on the host that receives the ping. You can notice that the gateway forwards it, but the host doesn't know how to go back to the remote peer (192.168.242.5):

22:35:56.692653 arp who-has 192.168.242.5 tell 192.168.242.20
22:36:20.794009 IP 192.168.242.5 > 192.168.242.20: icmp 40: echo request seq 18688
22:36:20.794130 arp who-has 192.168.242.5 tell 192.168.242.20
22:36:25.786631 IP 192.168.242.5 > 192.168.242.20: icmp 40: echo request seq 18944
22:36:25.786784 arp who-has 192.168.242.5 tell 192.168.242.20
22:36:31.527515 IP 192.168.242.5 > 192.168.242.20: icmp 40: echo request seq 19200
22:36:31.527621 arp who-has 192.168.242.5 tell 192.168.242.20
22:36:36.584388 IP 192.168.242.5 > 192.168.242.20: icmp 40: echo request seq 19456
22:36:36.584561 arp who-has 192.168.242.5 tell 192.168.242.20

Your help will be really appreciated

Thanks a lot

Berkine
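An added example, not part of the original post: a short Python script that reads the windump lines quoted above and reports which ARP requests were never answered and which echo requests got no reply. The function name `summarize` and the `arp reply ... is-at` pattern (the classic tcpdump/windump text form, which does not occur in this capture) are choices made for this example.

```python
import re
from collections import Counter

# The windump lines from the post above, taken on host 192.168.242.20.
CAPTURE = """\
22:35:56.692653 arp who-has 192.168.242.5 tell 192.168.242.20
22:36:20.794009 IP 192.168.242.5 > 192.168.242.20: icmp 40: echo request seq 18688
22:36:20.794130 arp who-has 192.168.242.5 tell 192.168.242.20
22:36:25.786631 IP 192.168.242.5 > 192.168.242.20: icmp 40: echo request seq 18944
22:36:25.786784 arp who-has 192.168.242.5 tell 192.168.242.20
22:36:31.527515 IP 192.168.242.5 > 192.168.242.20: icmp 40: echo request seq 19200
22:36:31.527621 arp who-has 192.168.242.5 tell 192.168.242.20
22:36:36.584388 IP 192.168.242.5 > 192.168.242.20: icmp 40: echo request seq 19456
22:36:36.584561 arp who-has 192.168.242.5 tell 192.168.242.20
"""

ARP_REQ = re.compile(r"arp who-has (\S+) tell (\S+)")
ARP_REP = re.compile(r"arp reply (\S+) is-at")
ECHO = re.compile(r"IP (\S+) > (\S+): icmp \d+: echo (request|reply) seq (\d+)")


def summarize(capture):
    """Report ARP targets that never resolved and pings that got no reply."""
    asked, resolved = Counter(), set()
    requests, replied = [], set()
    for line in capture.splitlines():
        if m := ARP_REQ.search(line):
            asked[(m[2], m[1])] += 1          # keyed as (asker, target)
        elif m := ARP_REP.search(line):
            resolved.add(m[1])
        elif m := ECHO.search(line):
            src, dst, kind, seq = m[1], m[2], m[3], int(m[4])
            if kind == "request":
                requests.append((src, dst, seq))
            else:
                replied.add((dst, src, seq))  # keyed by the original requester
    return {
        "unresolved_arp": {k: n for k, n in asked.items() if k[1] not in resolved},
        "unanswered_echo": [r for r in requests if r not in replied],
    }


if __name__ == "__main__":
    result = summarize(CAPTURE)
    for (asker, target), n in result["unresolved_arp"].items():
        print(f"{asker} sent {n} ARP requests for {target}, none answered: "
              f"{asker} treats {target} as on-link but gets no layer-2 answer")
    for src, dst, seq in result["unanswered_echo"]:
        print(f"echo request {src} -> {dst} seq {seq}: no reply seen")
```

On this capture it shows that 192.168.242.20 ARPs directly for 192.168.242.5 after every echo request and never gets an answer, so no echo reply leaves the host.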