| CPUG | |
| The Check Point User Group | |
| A Resource For The Check Point Community. Fast. Useful. Independent. | |
| |||
| Can anyone tell me what would cause SC w/om to work while connecting using an IP address from the Local Network (inside) but fail from the very same machine when using a dial-up connection or from the same machine but off the LAN? Greg |
| |||
| The IP Address of your firewall object is set to the Internal IP, and you have not set up link selection. Therefore the userc.C file has the IP to establish the client-site tunnel to as the internal IP, and can't reach it. That's the most common mistake made here. |
| |||
| Thanks for replying. I do have the link selection set to use the IP from the external Interface "Selected address from topology" setting. When the product was initially installed several years ago eth0 was internal and eth1 was external. I switched that around so the External IP is on eth0 now but would like to know where does the fw pull its IP address from?

It's really weird, in the test lab, I can do a clean install of SC and point it to the Internal IP of the Gateway and it'll do what it's supposed to. Authenticate, connect, download the topology and policy. Take another machine and use a dial-up account and try to hit the external ip of the gateway w/SC and all I see in the logs are hits for fw1_topo. But there is no prompt for authentication so there is no encryption on that side.

Here's a snippet from the SC Service Log:

fwclient_connect_ei: sic name for server 8a314941 is NULL. peers addresses are 10.1.0.17
sic_client_do_connect: no server sic name supplied, server sic name is unknown.
[fwasync] fwasync_make_connection: 4149318a/264: dowait is -1 sock is 1208
fwuserc_exec_switch: finished command: 1.
[VPN] fwuserc_exec_switch: __end__ 10:54:54.93
fwasync_connected_failed: 1208 from exception: The access code is invalid.
fwclient_connected: connection failed
[VPN] fwuserc_post, command=6 (0x6)
[VPN] fwuserc_post: Forwarding the posted message to the GUI.
[Communication] Add Command to RPC table: 53
[Communication] Remove Command from RPC table: 53

Greg |
| |||
| Well I found and fixed my problem today. I'm ashamed at why it took me two weeks of troubleshooting to figure something so silly out. I guess with 12+ years in the field under my belt and a couple fancy pants college degrees one can still lose track of the basics of troubleshooting and get stumped on the simple stuff. Now that Secure Client is connecting I still need to get traffic routed (can't see my internal network yet) but at least the major headache is solved. Thank you everyone who took the time to answer and read my post. Greg |
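The check suggested in the first reply can be run against the Secure Client service log quoted in the thread: pull out the gateway addresses the client recorded and flag any peer address that is not publicly routable. This is an added example, not part of the original posts or Check Point tooling; the function names are hypothetical, and it assumes the 8-digit hex fields in the log are IPv4 addresses.

```python
import ipaddress
import re

# Log lines copied from the thread above; the line breaks are assumed.
SAMPLE_LOG = """\
fwclient_connect_ei: sic name for server 8a314941 is NULL. peers addresses are 10.1.0.17
[fwasync] fwasync_make_connection: 4149318a/264: dowait is -1 sock is 1208
fwasync_connected_failed: 1208 from exception: The access code is invalid.
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
SERVER_RE = re.compile(r"sic name for server ([0-9a-fA-F]{8}) is NULL")
PEERS_RE = re.compile(r"peers addresses are ((?:" + IPV4 + r"[ ,]*)+)")
CONNECT_RE = re.compile(r"fwasync_make_connection: ([0-9a-fA-F]{8})/(\d+):")


def hex_to_ip(word, byteorder="big"):
    """Assumption: an 8-digit hex field is an IPv4 address in the given byte order."""
    return ipaddress.IPv4Address(int.from_bytes(bytes.fromhex(word), byteorder))


def analyse(log_text):
    """Collect the gateway addresses the client logged and flag unreachable peers."""
    findings = {"server": None, "peers": [], "target": None, "warnings": []}
    for line in log_text.splitlines():
        if m := SERVER_RE.search(line):
            findings["server"] = hex_to_ip(m.group(1))
        if m := PEERS_RE.search(line):
            findings["peers"] = [ipaddress.IPv4Address(a)
                                 for a in re.findall(IPV4, m.group(1))]
        if m := CONNECT_RE.search(line):
            # In the sample this field is the server field with its bytes
            # reversed; 264 is the port of the FW1_topo topology service.
            findings["target"] = (hex_to_ip(m.group(1), "little"), int(m.group(2)))
    for peer in findings["peers"]:
        if peer.is_private:  # RFC 1918 and other non-public ranges
            findings["warnings"].append(
                f"peer address {peer} is not publicly routable; "
                "a client outside the LAN cannot build the tunnel to it")
    return findings


if __name__ == "__main__":
    result = analyse(SAMPLE_LOG)
    print("connect target:", result["target"])
    for warning in result["warnings"]:
        print("WARNING:", warning)
```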