Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] Need help with IKE in Nokia 440, FWZ OK, but IKE fails

To: Greg Polanski <[email protected]>
Subject: Re: [FW1] Need help with IKE in Nokia 440, FWZ OK, but IKE fails
From: CryptoTech <[email protected]>
Date: Sat, 11 Nov 2000 09:12:33 -0500
Cc: Firewall One List <[email protected]>
References: <[email protected]>
Sender: [email protected]

Are the remote boxes upgraded as well (to v4.1x?)  If not, you will have to turn off
'supports key exchanges for subnets' under the vpn/ike tab on the firewall object.
Unless there is a backward compatibility module for the nokia, then you may have
problems with IKE clients as well (unless you flip the aforementioned switch.)

HTH,
CryptoTech

Greg Polanski wrote:

> I recently upgraded a Nokia 440 from FW v4.0 to FW1 v4.1 SP2.
> I also upgraded IPSO from 3.1.* to 3.2.1
> Strong encryption is installed and licensed.
> See below.
>
> HOWEVER, I cannot get IKE to work, neither for SecuRemote
> nor for gateway-gateway VPN.   FWZ SecuRemote works fine.
>
> What do I have to do to the nokia to get IKE encryption to
> work?  I know that the setup is correct in the gateway definition
> because it matches other gateways where gateway-gateway VPN
> is working.
>
> When I tcpdump the external interface, I see the handshake coming
> in, but do not see the answer going back out.
> The other gateway logs "... No response from peer"
>
> If I missed something in the FAQ, please please call
> me stupid, BUT let me know where it is so I can get
> smarter.  (In other words, I am stumped by this.)
>
> Thank you
>
> greg
>
> P.S. the nokia reseller started off the tech support response
> with the following
>         "Much of what you are asking involves services that are not
>         covered under a support contract."
> Not much hope there!!
>
> avsfw1[admin]# fw ver -k
> This is Check Point VPN-1(TM) & FireWall-1(R) Version 4.1 SP-2 Build
> 41716 IPSO-build-15 SDK-849  [VPN + DES + STRONG]
> kernel: Version 4.1 SP-2 Build 41716 IPSO-build-15 SDK-849 [VPN + DES +
> STRONG]
>
> avsfw1[admin]# fw printlic
> This is Check Point VPN-1(TM) & FireWall-1(R) Version 4.1 SP-2 Build
> 41716 IPSO-build-15 SDK-849 (10Nov2000 16:40:01)
>
> Host             Expiration Features
> 206.41.6.177     Never      cpvp-vsr-1000-v41 CK-D...
> 206.41.6.177     Never      cpfw-enc-u-3des-module-v41 CK-...
> 206.41.6.177     Never      cpfw-fm-u-v41 CK-...
>
> --
>
> _______________________________________________________________
> Greg Polanski                    mailto:[email protected]
> ADC Telecommunications, Inc> MSFAX
> PO Box 1pager
> Minneapolis, MN  [email protected]
> _______________________________________________________________
>
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Follow-Ups:
- Re: [FW1] Need help with IKE in Nokia 440, FWZ OK, but IKE fails
  - From: Greg Polanski <[email protected]>

References:
- [FW1] Need help with IKE in Nokia 440, FWZ OK, but IKE fails
  - From: Greg Polanski <[email protected]>

Prev by Date: Re: [FW1] User@any with client encrypt VS workstation with accept
Next by Date: Re: [FW1] Securemote FWZ enc and re-authentication after 15 minutes
Previous by thread: [FW1] Need help with IKE in Nokia 440, FWZ OK, but IKE fails
Next by thread: Re: [FW1] Need help with IKE in Nokia 440, FWZ OK, but IKE fails
Index(es):
- Date
- Thread