Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Hi,Possibly a question for a Checkpoint forum but i can't seem to find too much info plus I do not administer the ChkPt.i have users on a customer site with various versions - mainly 4.7.x but some 5.x which is where i have the problem.Some 4.7.x cli...
Hi,Altho' generally using no-split-tunnelled RA vpn setups there are some instances where it is necessary. Some staff work extensively on a customer site and need access to our resources as well as those of the site.It seems to me that the big sticki...
Hi,This is a wierd request as it flies in the face of the purpose of vpn clients but I ahve my reasons:We don't like Split-T but we have a userbase on a customer site that require it. I have made a special profile for them but they tend to hand out t...
Hi all,Basic questions before the details: Does an explicit deny on an ASA 5510 7.2(2) send a RST packet back to a SYN scanner? Why does it not just drop the packet? Can I make it do so? Do I understand what I'm doing? Details: Got a client running ...
Hi all,I'm not sure what's missing here. I moved a FW over the weekend and now only have console access. It's a 5520 running 8.0(3). From the config I have the usual:ssh scopy enablessh 10.x.0.0 255.255.0.0 Axxssh timeout 10ssh version 2telnet 10.x.0...
Hi Colin,Yeah that's what I would have thought. But at least one of the 5.x clients seem to do otherwise ... if i believe the log info I got from the ChkPt admin.For the user it most happens to I've added: UseLegacyIKEPort=0to the .pcf file. She's ...
Fixed my own problem .. comes down to DNS suffixes.group-policy POLICY-01 attributes <..snip..> dns-server value x.x.x.x !# the DNS of home - i.e. to whom the vpn clients are connecting to <..snip..> split-tunnel-policy tunnelspecified <..snip..> d...
Hi Colin .. afraid it doesn't. SSL vpns require expensive licensing I believe (pls correct me if I'm wrong) and my Co. is a scrooge at the moment. We have a TS but if all the required users jump on it at the same time it will die.Re: Citrix see comme...
Thanks jorgemcse,A bit low on time to read that whole doco right now so I won't rate your post. But thanks anyway and it will be good to investigate using the ASA as a local CA server on top of my current issue.Regards,Mike
