1. Home
  2. Networking Firewalls
  3. Problems creating first site using SecuRemote

Problems creating first site using SecuRemote

Hi,

I'm trying to connect to my office using SecuRemote R56 build 619, on Windows XP Pro SP2 (rebuilt last week so pretty clean). I think there is Nokia/FW-1 at the other end that I'm trying to reach.

When I try and define a site, I get asked for the ip address of the server, and then use Standard mode and off it goes to try and connect, but it times out a few minutes later with the message:

"Operation timed out. This may have happened because your network connection is slow, or because of a communication problem."

Before I rebuilt the machine, I could connect okay. My machine has the same private IP address on my home LAN as it had previuosly, and I have made no changes to my wireless router. I have allowed the service through both Windows firewall and my personal firewall, Sygate SPF. I have tried disabling both firewalls too with no success. Other users can connect over the VPN fine, it is only myself who has this problem.

What I would like to know (as I'm not a network engineer) is what questions I should be asking the firewall admins at work? Also is there any logging I can enable on my SecuRemote client? The admins claim that nothing has changed at work, and that they can "see me" hitting the firewall and being allowed through.

Basically, how should I go about faulting this problem, where should I look, and what sensible questions can I ask of my busy and overworked firewall admins.

Thanks in advance!

Reply to
potatan
Loading thread data ...

and then you wonder why you're experiencing random network problems?

You cannot disable it without complete uninstallation.

Reply to
Sebastian Gottschalk

Err, thanks for the helpful advice about how to fault the problem. My configuration has worked fine with SPF before, but I just uninstalled SPF and rebooted just in case - same result.

Notice that I'm trying to get help on trying to diagnose the problem myself rather than saying "d00d! My netowrk thing ain't working can u tell me how to fix it pls k thx"

Cheers

Reply to
potatan

is that the right mode according to your admins?

I doubt "they see" you if you have a "timeout"

ask them if, they see your vpnconnection actually established, if they dont, they should see an error.

can you even ping the remote gateway?

check your ipconfig /all before and while you try to connect and send it to them

the securemote has logfiles under "advanced", send those to your admins.

M
Reply to
mak
1) check with "srfw monitor" if your personal firewall is blocking communication with the remote vpn gateway. C:\\Program Files\\CheckPoint\\SecuRemote\\bin>srfw monitor

2) quick and dirty: copy the userc.C over from another working pc. Look at: C:\\Program Files\\CheckPoint\\SecuRemote\\database

Br. Robby

Reply to
Robby Cauwerts

I'd do #2 as well. Just remember to stop the Check Point services BEFORE you copy it over or it will get overwritten.

Ray

Reply to
JJ

Thanks for the good responses. I enabled logging and sent the output to a colleague but he couldn't fault it from that. I ran the srfw monitor and could see plenty of activity (acks etc. from the gateway server) which looked okay to me, but still no joy. So I visited the office this morning with my laptop and tried from there, still no good.

We went through all the settings together and then spotted that I had only installed the SecuRemote option, not the SecureClient, despite confirming several times that this was the option I should have been using. I guess things look different over one's shoulder to how they sound over the phone! A quick reinstall and I managed to configure the connection whilst attached to the office LAN, then proved it was good by attaching to an external network cable and connecting back in.

I have a desktop at home which still refused to connect after a reinstall, but I took your advice and copied userc.c from my working laptop to the desktop PC, and now that works fine too.

So now I have two machines that can connect, despite having Windows Firewall enabled, and my personal firewall switched on. Thanks for your help guys, although this means that I will now get asked to do more work from home...

Paul

Reply to
potatan

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.