CPUG

The Check Point User Group

A Resource For The Check Point Community.  Fast.  Useful.  Independent.

#1 rasoftware, 2006-03-01
Newbie help with VPN-1

I installed VPN-1 Pro on Windows 2003.

I have two network cards with public and private address. I am able to access the internet from the VPN-1 server, but my client behind the firewall with gateway of the Check Point can't access the net.

Do I need to enable routing and remote access on the 2003 box?

I have enabled NAT from inside to outside.

I notice there are no rules by default; does this mean traffic flows by default?

#2 ddarby1, 2006-03-02
Re: Newbie help with VPN-1

rasoftware,

You need to read up a bit on Check Point and Firewalls.

Most firewalls, unlike routers, are paranoid by default, though some will allow inbound to outbound by default, but certainly not the reverse.

This means that there is an implicit deny at the bottom of the rule set (or access-list, etc.). If you have no rules, no traffic is allowed, except in Check Point's case, hidden 'Implied Rules' which are required to manage the firewall from the Management Server.

Try starting by adding a Security Rule, which has Source: Any, Destination: Any, Action: Accept.

Depending on how your NAT rule is set up, your client behind the Firewall should then be able to access the Internet.

If this does not work, post back here, but do try to find out this information for yourself.


In answer to your question, no, you do not need to enable routing and remote access on the 2003 box.
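The first-match evaluation and implicit deny described in the reply above, as an added example (not part of the original thread and not Check Point code). It goes slightly beyond the post by comparing the suggested Any/Any/Accept rule with a narrower inside-to-any rule; the addresses, rule names and the stateless model (no NAT, implied rules or connection state) are assumptions.

```python
# Toy rule base: first match wins, anything unmatched hits the implicit deny.
# Illustrative model only; it evaluates new connections and ignores NAT,
# Check Point's implied rules and stateful return traffic (assumptions).
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network

ANY = ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class Rule:
    name: str            # hypothetical rule name
    src: IPv4Network
    dst: IPv4Network
    action: str          # "accept" or "drop"

def evaluate(rules, src, dst):
    """Return (action, matching rule name) for a new connection src -> dst."""
    s, d = ip_address(src), ip_address(dst)
    for rule in rules:                      # top to bottom, first match wins
        if s in rule.src and d in rule.dst:
            return rule.action, rule.name
    return "drop", "implicit deny"          # bottom of every rule set

def overly_permissive(rules):
    """Names of accept rules whose source and destination are both Any."""
    return [r.name for r in rules
            if r.action == "accept" and r.src == ANY and r.dst == ANY]

# Constructed sample values (private and documentation address ranges).
INSIDE = ip_network("192.168.1.0/24")
CLIENT, WEB = "192.168.1.50", "203.0.113.10"

EMPTY = []                                               # fresh install, no rules
ANY_ANY = [Rule("any-any-accept", ANY, ANY, "accept")]   # rule suggested in the post
OUTBOUND = [Rule("inside-out", INSIDE, ANY, "accept")]   # narrower alternative

if __name__ == "__main__":
    for label, rb in (("empty", EMPTY), ("any-any", ANY_ANY), ("inside-out", OUTBOUND)):
        print(f"{label:10} outbound={evaluate(rb, CLIENT, WEB)} "
              f"inbound={evaluate(rb, WEB, CLIENT)} "
              f"flagged={overly_permissive(rb)}")
```

The Any/Any/Accept rule gets the client online but also accepts new connections initiated from outside, which is why it is normally replaced by a source-restricted rule once connectivity is confirmed.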

#3 Sergej, 2006-03-02
Re: Newbie help with VPN-1

Quote:
Originally Posted by ddarby1
In answer to your question, no, you do not need to enable routing and remote access on the 2003 box.

Sometimes the installation process does not enable routing (via registry key). You then need to go to regedit and do it yourself. You can also check whether it is enabled.

In a registry editor, navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

Check if the "IPEnableRouter" value is 1

#4 rasoftware, 2006-03-03
Re: Newbie help with VPN-1

Thanks, documentation seems a little thin on the ground.

I got it working by installing a policy and reinstalling Check Point on the SecurePlatform, traffic is now flowing inside-outside.

Any useful links for getting started would be helpful.