
RE: [FW1] FWZ vs. IKE



Jason,

Can you confirm that you have your internal network specified in the
firewall's encryption domain? Also check that the userc.c file contains
information regarding your internal network. There looks to be some sort of
an issue there.

Paul Carmichael 
IT Security Engineer 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
SecureNet  Ltd 
Level 3, 1 James Place, 
North Sydney, 
NSW 2000 AUSTRALIA 
Ph: +61 2 9957 1000     Email: [email protected] 
Fx: +61 2 9957 1111     Web : http://www.securenet.com.au 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
-----Original Message-----
From: Jason Kent [mailto:[email protected]]
Sent: Wednesday, 15 November 2000 7:21 AM
To: '[email protected]'
Subject: [FW1] FWZ vs. IKE


Is there any reason that FWZ would work with Client Encrypt Rules and IKE
with preshared secrets would not?
I have FWZ working with both Accept and Client Encrypt Actions...
IKE works fine with Accept actions (I have Decrypt on Accept checked) but
will NOT pass any traffic on a Client Encrypt action.
Using 4.1 SP2 3DES with SR build 4165 ....
When the problem occurs (trying to pass through a client encrypt rule) the
log files simply show:
1. workstation to firewall IKE Log: Phase 1 (agressive) completion.
3DES/MD5/Pre shared secrets Negotiation ID: (insert ID here)
2. workstation to firewall scheme IKE methods: Combined 3DES+SHA1 (phase 2
completion) for host x.x.x.x and for subnet 0.0.0.0 (mask=0.0.0.0)
and then NOTHING... no drops..no decrypts..no traffic..no nothing.... 
The test workstation is on the same subnet as the external interface...I'm
not sure what all those 0's are about... any ideas ?


If I use an accept rule, I get the same two entries... PLUS a 3rd: 
firewall to workstation scheme IKE methods: Combined ESP: 3DES+SHA1(phase 2
completion) for subnet x.x.x.x (mask 255.255.255.192)and for host x.x.x.x  
(the subnet and mask correctly describes my encryption domain...and the
host IP is the test workstation, just as in entry number 2 in the logs)
and then things work... lots of decrypts and traffic flows nicely... 
So bottom line... what is it about IKE with preshared secrets and Client
Encrypt actions?? Something special I need to check? Any help would be
greatly appreciated...
Thanks,
Jason 

