Connected, but interface doesn't start (VISTA)

[aberka]

I have NGX R60 HFA2 and under Vista, although username is verified and VPN client reports CONNECTED, the interface is started and no route is added. Tray icon looks like connected.

This is a part from ipconfig /all before connection:

Code:

Adapt‚r sˇtŘ Ethernet Pýipojenˇ k mˇstnˇ sˇti* 10:

   Stav m‚dia  . . . . . . . . . . . : odpojeno == THIS MEANS DISCONNECTED
   Pýˇpona DNS podle pýipojenˇ . . . : 
   Popis . . . . . . . . . . . . . . : Check Point Virtual Network Adapter For SecureClient
   Fyzick  Adresa. . . . . . . . . . : 54-F7-C8-68-FF-12
   Protokol DHCP povolen . . . . . . : Ano
   Automatick  konfigurace povolena  : Ano

and after successfull login:

Code:

Adapt‚r sˇtŘ Ethernet Pýipojenˇ k mˇstnˇ sˇti* 10:

   Stav m‚dia  . . . . . . . . . . . : odpojeno
   Pýˇpona DNS podle pýipojenˇ . . . : 
   Popis . . . . . . . . . . . . . . : Check Point Virtual Network Adapter For SecureClient
   Fyzick  Adresa. . . . . . . . . . : 54-F7-C8-68-FF-12
   Protokol DHCP povolen . . . . . . : Ano
   Automatick  konfigurace povolena  : Ano

= the same thing.

I tried to disable user account security something in Vista.

Connections status looks like:

Code:

Checking network connectivity...
Preparing connection...
Connecting to gateway...
User AB14CZEX authenticated by Radius authentication 
Connected to gateway
Detecting network parameters...
Connection succeeded

Any ideas? This complicates my life a LOT :(

Thanks for any help.

[melipla]

Did you violate any of these known limitations?

Quote:

1) SecureClient for 64Bit Windows is not supported.


2) Upgrading from Windows XP or Windows 2000 to Windows Vista while SecureClient
is installed is currently not supported. Workaround:
1 Uninstall SecureClient.
2 Upgrade operating system.
3 Install SecureClient NGX HFA_02.


5) Despite new elevation capabilities of User Account Control in Windows Vista, SecureClient NGX HFA_02 can only be installed by an administrator or a member of the Administrators group.

Otherwise turn on SecureClient logging and examine the output of the connection log.

[aberka]

Thanks for replying!

>Did you violate any of these known limitations?
>Quote:
>1) SecureClient for 64Bit Windows is not supported.
Windows Vista 32b Bussiness Czech
>2) Upgrading from Windows XP or Windows 2000 to Windows Vista while >SecureClient
>is installed is currently not supported. Workaround:
>1 Uninstall SecureClient.
>2 Upgrade operating system.
>3 Install SecureClient NGX HFA_02.
I had a clean installation of Vista

>5) Despite new elevation capabilities of User Account Control in Windows >Vista, SecureClient NGX HFA_02 can only be installed by an administrator or >a member of the Administrators group.
>Otherwise turn on SecureClient logging and examine the output of the >connection log.
I have turned the UAC off. I'm the only user on that machine, I'm a member of Admin group.

I don't see anything suspicious in the logs: http://aleq.xf.cz/fw/SC_logs_26_Jun_07_18_46_20.tgz and http://aleq.xf.cz/fw/SC_logs_26_Jun_07_18_51_23.tgz

Thanks for help.

[giallorossi77]

Hi,
I have to same problem, SNX connected but no routes imported.

Any suggestione?

Luciano

[aberka]

No solution. It simply doesn't work under Vista for me. I'm using VMware with XP and tunnels between Host and VMware. Terrible.

[giallorossi77]

Hi guys,
I tried again using a R65 Standalone installation. The SNX client was installed correctly (no need to work on UAC) but still no routes added to the routing table of the Vista PC.

Still wondering if it will ever work......

[mcnallym]

When you say routes added to the routing table, you don't see routes added, you just the virtual network adapter with it's IP settings and Default Gateway etc when connected or without an IP if not connected.

Does it work on Xp for you as all I get is the virtual network adaptor and then the Office Mode settings appear in there when connected. I don't ever get routes added to my routing table.

[aberka]

Am I the only one who doesn't understand the previous post? :-)

[mcnallym]

What I was saying was why are you expecting to see routes added to the routing table with SecureClient.

Asked if it worked under XP for him.

Hardly rocket science.

[giallorossi77]

Hi, we are talking about SNX and how the vista client knows about the encryption domain when it get connected to the firewall.

Routes are added to the host routing table in order to get it reach the encryption domain exported by the firewall.
This is what my xppro pc get when it connects to a vpn-1 using the SNX:

10.1.1.1 255.255.255.255 192.168.253.250 192.168.253.251 1
10.1.1.8 255.255.255.255 192.168.253.250 192.168.253.251 1
10.1.1.10 255.255.255.255 192.168.253.250 192.168.253.251 1
10.1.4.3 255.255.255.255 192.168.253.250 192.168.253.251 1
10.5.2.1 255.255.255.255 192.168.253.250 192.168.253.251 1
10.6.1.2 255.255.255.255 192.168.253.250 192.168.253.251 1
10.6.3.206 255.255.255.255 192.168.253.250 192.168.253.251 1
10.13.1.1 255.255.255.255 192.168.253.250 192.168.253.251 1
10.16.1.1 255.255.255.255 192.168.253.250 192.168.253.251 1
10.19.1.4 255.255.255.255 192.168.253.250 192.168.253.251 1
10.19.1.6 255.255.255.255 192.168.253.250 192.168.253.251 1

where 192.168.253.251 is the ip address of the "Check Point Virtual Network Adapter For SSL Network Entexder"

Hope this help.

Luciano

[mcnallym]

Apologies for the confusion, I assumed it was SecureClient that you was on about as this is the SecureClient area, and the original thread start was about SecureClient on Vista.

There is a seperate area for SNX issues which is why assumed was SecureClient