We use SecureClient NG FP3 with the same version of Policy Server, Checkpoint NG FP3 running on Nokia platform IPSO 3.5.
We are able to establish a VPN tunnel using PSTN and broadband. We have made sure that the address scheme used within the encryption domain, namely
192.168.x.0 DMZ
10.x.0.0 remote office1
10.y.0.0 remote office2
10.z.0.0 remote office3
is different from a remote NATed address, for instance in the case of broadband. With the GPRS, I have spoken to the O2 GPRS provider; they have enabled an APN which facilitates the use of a third-party VPN product like SecureClient. The virtual adapter created by the wireless GPRS card binds with SecureClient and we are able to browse the internet, but when we try SecureClient we are unable to establish a tunnel. We get "error communicating with gateway" or "communication with gateway failed", with no logs. I am able to ping the external interface of the firewall.
Bear in mind the GPRS card dynamically assigns a 10 address range different from the range listed above, and we are NATed to a public 193.113.x.t address. In the rulebase we have explicit rules allowing traffic from the 193.113.x.0 network; there's no static routing enabled or network address translation. Please, has anyone any ideas for the way forward, as I keep hitting a stumbling block?
Vodafone D2 also uses 10.x.0.0 address ranges (10.226, 10.227, 10.244, AFAIK). Probably this collides with your internal ranges, so that the client does not encrypt when a target address from this range is selected.
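One way to test the collision theory from the reply above, as an added example that is not part of the original thread: compare the address the GPRS adapter receives against each encryption-domain network. The concrete octets and prefix lengths below are constructed stand-ins for the masked ranges in the post, and `find_collisions` is a hypothetical helper name.

```python
import ipaddress

# Constructed stand-ins for the masked ranges in the post (192.168.x.0,
# 10.x.0.0, ...). The prefix lengths are assumptions; the thread gives none.
ENCRYPTION_DOMAIN = {
    "DMZ": "192.168.5.0/24",
    "remote office1": "10.1.0.0/16",
    "remote office2": "10.2.0.0/16",
    "remote office3": "10.3.0.0/16",
}


def find_collisions(client_iface, domain=ENCRYPTION_DOMAIN):
    """Return (name, cidr, reason) for every encryption-domain network that
    collides with the address/prefix assigned to the client's adapter."""
    iface = ipaddress.ip_interface(client_iface)
    hits = []
    for name, cidr in domain.items():
        net = ipaddress.ip_network(cidr)
        if iface.ip in net:
            # The client itself appears to live inside a protected network.
            hits.append((name, cidr, "client address is inside the network"))
        elif iface.network.overlaps(net):
            # The client treats part of the protected network as on-link.
            hits.append((name, cidr, "client subnet overlaps the network"))
    return hits


if __name__ == "__main__":
    # Constructed adapter assignments, as read from ipconfig on the laptop.
    samples = [
        "10.226.14.9/16",  # carrier range that misses the domain
        "10.2.44.7/24",    # lands inside remote office2
        "10.0.0.5/8",      # wide mask that swallows every 10.x office
    ]
    for sample in samples:
        hits = find_collisions(sample)
        print(sample, "->", hits if hits else "no collision")
```

Run it with the address and mask the GPRS adapter actually receives and the real encryption-domain definitions from the gateway.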
R56 seems to work OK, for the benefit of all those who may be struggling with GPRS and SecureClient. The GPRS wireless card is the Sierra Wireless card, GPRS provider O2.