Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] Losing SA with Secure Remote Client 4.1 and FW1 4.1sp2]

To: CryptoTech <[email protected]>
Subject: Re: [FW1] Losing SA with Secure Remote Client 4.1 and FW1 4.1sp2]
From: [email protected] (Andrew Diller)
Date: Fri, 1 Dec 2000 11:40:01 -0500
Cc: [email protected]
In-reply-to: <[email protected]>; from [email protected] on Sat, Nov 04, 2000 at 02:04:37PM -0500
References: <[email protected]> <[email protected]>
Sender: [email protected]


On Sat, Nov 04, 2000 at 02:04:37PM -0500, CryptoTech wrote:
> Are there any other services running on the FW? 

No, its NT4 and we've shut down all the M$ crap.


 What are the contents of your
> encryption domain?

Our two 'internal' networks, a 'DMZ' and 'PRIVATE' network.

Its a Network Group Object that contains these two network objects.

ITs checked 'Exportable for SecurRemote'


>  Are you using Unauthed topology download, and what is the main

I think so.

At the SR client (win95) we install SR.

Open SR, enter in IP address of the external gateway for the firewall.
  the site icon appears for our firewall.

I open a dos window and ping the machine in the PRIVATE network (192.168.1.101)

After a moment the SR login window pops up.
  - we have users using passwords, not certs
  - enter the username and password, and SR exchanges keys w/ firewall

After about 2 min I can ping and ssh machines in internal nets.

after about 10 min I get the SA errors, and SR and the Firwall never re-establish another SA.


> ip address in the firewall workstation object?  (must be external)
> 
Yes, its external and a valid ip address.


Any ideas?

-andy



> 
> [email protected] wrote:
> 
> > Hello:
> >
> > I've got the latest Fw1 on NT and Secure Remote Client installed and
> > working. I've applied the sp2 to the FW1 server.
> >
> > I'm using IKE to connect, and it works, but there are two big problems:
> >
> > 1. exchanging keys takes 2 mins !
> >
> > 2. after about 7-10 min, the Client loses its SA (security association)
> > with the server. The server tries and tries to re-establish a sa, but it
> > never happens.
> >
> > This happens on Secure Remote Clients on both win95 and win98.
> >
> > Has anyone come across this with Secure Remote Client and FW1?
> >
> > -andy diller
> >
> > ================================================================================
> >      To unsubscribe from this mailing list, please see the instructions at
> >                http://www.checkpoint.com/services/mailing.html
> > ================================================================================
> 


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: RE: [FW1] Partition off a class C within a 10.x.x.x RFC 1918 net
Next by Date: RE: [FW1] Partition off a class C within a 10.x.x.x RFC 1918 net
Previous by thread: RE: [FW1] Partition off a class C within a 10.x.x.x RFC 1918 net
Next by thread: [FW1] FireWall-1, 40000 connections, and a hammered processor...
Index(es):
- Date
- Thread