error message: syn -> syn-ack -> rst

ok, the more I read this thread, the more I think I'm misunderstanding the flow of traffic. Are you trying to initiate a connection from a server on your internal LAN to a remote host that's using Securemote?

Initially I was but in Checkpoint's wisdom I've found that I cannot initiate a connection from within the encyrption domain to an external securemote user. As result I allowed in the rule base two way connection from the external user's public ip to the public ip of the company server via port 8080.

Like I said earlier it used to work but now it doesn't (the external user had a change of ip everyday and I would reflect this change for his object in the rulebase) After the 2nd or 3rd change that's when it stopped working.

I finally told him to turn off ALL firewalls at his end and back at the office I creted arule to allow ALL traffic between his pc and the server here via public ips. Again no result although in the logs fo port 8080 it was green and then that syn - syn:ack - rst error

What application are you trying to run? Maybe if I knew more about what traffic you're trying to pass I might be better able to troubleshoot it.

Here's another thought. Add your own home machine to that same rule and see if you can connect. That will at least narrow the problem down to his PC.

It's Tomcat - apparently it listens on port 8080 but as that didn't work we tried 8081...still no joy.