Thursday, September 2, 2010

SecureClient/SecureRemote Troubleshooting Steps

1. Upgrade to latest SecureClient/SecureRemote build.
2. Check connectivity to gateways.
3. Make sure no network interface card is configured on the SecureClient/SecuRemote client with an IP address that belongs to the encryption domain or internal network.
4. Confirm encryption methods are supported both by FW-1 and SecureRemote/SecureClient.
5. Verify Encryption and key setup on the SecureClient.
6. Confirm Interfaces tab of the FW object contains the NIC driver device names.
7. Make sure there is only one default route from the FW to the Internet.
8. Make sure there are not multiple routes to the Internet from the workstation, server, or network objects included in the encryption domain.
9. If SecureClient/SecureRemote can't connect to a workstation inside the network, make sure the object is in the encryption domain.
10. If multiple network objects are defined for the same firewall, this might lead to encryption tunnel failure.
11. Verify that the hosts table and DNS entries for the firewall match.
12. Check the userc.C file to make sure information is being sent to the SC/SR machine.
13. Make sure the ISP is not blocking certain ports.
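
Steps 3 and 7 can be checked mechanically. The script below is an added example, not part of the original post: the function names, the sample networks and addresses, and the Linux-style `netstat -rn` table are all constructed assumptions.

```python
import ipaddress

# Constructed sample data (assumptions, not taken from the original post).
ENCRYPTION_DOMAIN = ["10.1.0.0/16", "192.168.1.0/24"]
CLIENT_NICS = ["192.168.1.20/24", "172.20.5.9/24"]
ROUTES = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags MSS Window irtt Iface
0.0.0.0         203.0.113.1     0.0.0.0         UG      0 0         0 eth0
0.0.0.0         198.51.100.1    0.0.0.0         UG      0 0         0 eth2
10.1.0.0        0.0.0.0         255.255.0.0     U       0 0         0 eth1
"""

def nic_conflicts(client_nics, encryption_domain):
    """Step 3: return (nic_address, domain_network) pairs where a client NIC
    address or its on-link subnet falls inside the encryption domain."""
    nets = [ipaddress.ip_network(n) for n in encryption_domain]
    hits = []
    for addr in client_nics:
        iface = ipaddress.ip_interface(addr)
        for net in nets:
            if iface.ip in net or iface.network.overlaps(net):
                hits.append((addr, str(net)))
    return hits

def default_routes(route_table):
    """Step 7: return the default-route lines (destination 0.0.0.0 with
    genmask 0.0.0.0) from a Linux-style 'netstat -rn' table."""
    found = []
    for line in route_table.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[0] == "0.0.0.0" and fields[2] == "0.0.0.0":
            found.append(line.strip())
    return found

if __name__ == "__main__":
    for addr, net in nic_conflicts(CLIENT_NICS, ENCRYPTION_DOMAIN):
        print(f"step 3: client address {addr} collides with {net}")
    routes = default_routes(ROUTES)
    if len(routes) != 1:
        print(f"step 7: expected 1 default route, found {len(routes)}")
        for r in routes:
            print("   ", r)
```
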


SecureRemote = Free
Office Mode = SecureClient


Office Mode needs a route to the external interface for the Office Mode network.
For example: 172.16.18.0/24 123.123.123.123 eth0


Make sure policy server is running:
[Expert@firewall]# cpstat -f all polsrv


Check SecureRemote licenses:
[Expert@firewall]# dtps lic


----
Office Mode allows you to specify precisely what IP address a client gets, what DNS and WINS servers it gets, and the default DNS domain.


Visitor Mode is a way to encapsulate IPSec over HTTPS. It allows remote VPN connections to work where IPSec might have issues.


Secure Configuration Verification is a method where the SecureClient software checks various configuration parameters of the client and will not let it connect if it doesn't meet the required configuration.
