About m.surtees

m.surtees · 09-30-2009

Hi,Possibly a question for a Checkpoint forum but i can't seem to find too much info plus I do not administer the ChkPt.i have users on a customer site with various versions - mainly 4.7.x but some 5.x which is where i have the problem.Some 4.7.x cli...

m.surtees · 07-15-2009

Hi,Altho' generally using no-split-tunnelled RA vpn setups there are some instances where it is necessary. Some staff work extensively on a customer site and need access to our resources as well as those of the site.It seems to me that the big sticki...

m.surtees · 05-20-2009

Hi,This is a wierd request as it flies in the face of the purpose of vpn clients but I ahve my reasons:We don't like Split-T but we have a userbase on a customer site that require it. I have made a special profile for them but they tend to hand out t...

m.surtees · 05-14-2009

Hi all,Basic questions before the details: Does an explicit deny on an ASA 5510 7.2(2) send a RST packet back to a SYN scanner? Why does it not just drop the packet? Can I make it do so? Do I understand what I'm doing? :)Details: Got a client running...

m.surtees · 05-12-2009

Hi all,I'm not sure what's missing here. I moved a FW over the weekend and now only have console access. It's a 5520 running 8.0(3). From the config I have the usual:ssh scopy enablessh 10.x.0.0 255.255.0.0 Axxssh timeout 10ssh version 2telnet 10.x.0...

m.surtees · 10-01-2009

Hi Colin,Yeah that's what I would have thought. But at least one of the 5.x clients seem to do otherwise ... if i believe the log info I got from the ChkPt admin.For the user it most happens to I've added: UseLegacyIKEPort=0to the .pcf file. She's ...

m.surtees · 07-16-2009

Fixed my own problem .. comes down to DNS suffixes.group-policy POLICY-01 attributes <..snip..> dns-server value x.x.x.x !# the DNS of home - i.e. to whom the vpn clients are connecting to <..snip..> split-tunnel-policy tunnelspecified <..snip..> d...

m.surtees · 07-15-2009

Hi Colin .. afraid it doesn't. SSL vpns require expensive licensing I believe (pls correct me if I'm wrong) and my Co. is a scrooge at the moment. We have a TS but if all the required users jump on it at the same time it will die.Re: Citrix see comme...

m.surtees · 05-20-2009

Thanks jorgemcse,A bit low on time to read that whole doco right now so I won't rate your post. But thanks anyway and it will be good to investigate using the ASA as a local CA server on top of my current issue.Regards,Mike

m.surtees · 05-17-2009

hi ppoouellet,Unfortunately that's not it either. No 'service ...' cmd in there. Thanks for the reply,Mike

Member Since	‎08-17-2005 07:59 PM
Date Last Visited	‎08-18-2017 03:55 AM
Posts	70

User Statistics

User Activity

Cisco RA vpn client through a checkpoint

DNS Remote access VPN

Best way to allow a vpn profile only from one address

What happens to TCP packet when it hits explicit deny in ACL

Quirky one: Logging in

Re: Cisco RA vpn client through a checkpoint

Re: DNS Remote access VPN

Re: DNS Remote access VPN

Re: Best way to allow a vpn profile only from one address

Re: What happens to TCP packet when it hits explicit deny in ACL