[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [FW1] Hybrid Mode
Title: RE: [FW1] Hybrid Mode
What about the other settings in "Policy->Properties->Desktop Security"? Try unchecking all the boxes on the bottom half of the page (from Required Policy for All Desktops on down) and setting the Required Policy to "Allow All".
But let's take a step backwards...what method of authentication are you using for the Hybrid IKE? I'm using RADIUS for my 'alternative' method of authentication and that, for me, works like a champ. Are you sure that whatever method you're using for auth is valid and configured to be used by FW-1 properly?
Jeffrey A. Oxenreider
Network Security Analyst
Safelite Glass Corp
-----Original Message-----
From: charles kings [mailto:[email protected]]
Sent: Friday, September 08, 2000 1:09 PM
To: [email protected]; [email protected]
Subject: RE: [FW1] Hybrid Mode
Thanks Jeff for your reply, When I saw the undocumented "GOTCHA"in your
response, my eyes opened up wide. Unfortunately, my client encrypt evil
little twit was already unchecked. Any other ideas?
Thanks in advance...Chuck
>From: "Oxenreider, Jeff" <[email protected]>
>To: 'charles kings' <[email protected]>,
>[email protected]
>Subject: RE: [FW1] Hybrid Mode
>Date: Fri, 8 Sep 2000 12:20:57 -0400
>
>I've seen this, actually, I just went through this myself. One little
>undocumented "GOTCHA". If you look at your client encrypt rule, and go
>into
>the client encrypt action properties, you'll see a bright spanking new
>checkbox that wasn't there before. "Apply Rule Only if Desktop
>Configuration Options are Verified" uncheck this evil little twit (unless
>you're running desktop policies I guess) and you'll find that your sessions
>will begin to encrypt/decrypt again.
>
>I spent two hours on the phone with CP tech support trying to get
>Hybrid/IKE
>running, and they didn't mention this little box at all. I found it about
>20 minutes after I got off the phone with them, and then sent them an email
>so they can hopefully add it to their database.
>
>Good luck!
>
>
>
>Jeffrey A. Oxenreider
>Network Analyst
>Safelite Glass Corp
>
>
>
>-----Original Message-----
>From: charles kings [mailto:[email protected]]
>Sent: Friday, September 08, 2000 11:49 AM
>To: [email protected]
>Subject: [FW1] Hybrid Mode
>
>
>
>Greetings,
>
>I am trying to implement Hybrid Mode IKE for Securemote authentication and
>have followed all the instructions listed in the CheckPoints document
>written by Joe Dipietro. While all steps checked, when I try to
>authenticate with a user setup for IKE (DES), I get the following messega
>at
>
>the securemote client. " Negotiation with firewall at site x has fialed. No
>common authentication method with fw" The logs don't display anything at
>all. Please not that prior to this setup I was able to authenticat using
>IKE setups, but not anymore.
>
>Has anyone out there had the same problem? The version I am using are as
>follow:
>
>FW - Gateway and management station (separate) ver 4.1 Build 41716 strong.
>
>SecuRemote client - Secureclient ver 4.1 SP1-DES Build 4157
>
>Any help will be appreciated...Chuck
>_________________________________________________________________________
>Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
>
>Share information about yourself, create your own public profile at
>http://profiles.msn.com.
>
>
>
>============================================================================
>====
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
>============================================================================
>====
_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
Share information about yourself, create your own public profile at
http://profiles.msn.com.
