[FW1] FWZ vs. IKE
Title: FWZ vs. IKE

Is there any reason that FWZ would work with Client Encrypt Rules and IKE with preshared secrets would not?

I have FWZ working with both Accept and Client Encrypt Actions... IKE works fine with Accept actions (I have Decrypt on Accept checked) but will NOT pass any traffic on a Client Encrypt action. Using 4.1 SP2 3DES with SR build 4165....

When the problem occurs (trying to pass through a client encrypt rule), the log files simply show:

2. workstation to firewall scheme IKE methods: Combined 3DES+SHA1 (phase 2 completion) for host x.x.x.x and for subnet 0.0.0.0 (mask=0.0.0.0)

and then NOTHING... no drops.. no decrypts.. no traffic.. no nothing.... The test workstation is on the same subnet as the external interface... I'm not sure what all those 0's are about... any ideas?

If I use an accept rule, I get the same two entries... PLUS a 3rd:

(the subnet and mask correctly describes my encryption domain... and the host IP is the test workstation, just as in entry number 2 in the logs) and then things work... lots of decrypts and traffic flows nicely...

So bottom line... what is it about IKE with preshared secrets and Client Encrypt actions?? Something special I need to check? Any help would be greatly appreciated...

Thanks,
Jason