[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] Losing SA with Secure Remote Client 4.1 and FW1 4.1sp2]
On Sat, Nov 04, 2000 at 02:04:37PM -0500, CryptoTech wrote: > Are there any other services running on the FW? No, its NT4 and we've shut down all the M$ crap. What are the contents of your > encryption domain? Our two 'internal' networks, a 'DMZ' and 'PRIVATE' network. Its a Network Group Object that contains these two network objects. ITs checked 'Exportable for SecurRemote' > Are you using Unauthed topology download, and what is the main I think so. At the SR client (win95) we install SR. Open SR, enter in IP address of the external gateway for the firewall. the site icon appears for our firewall. I open a dos window and ping the machine in the PRIVATE network (192.168.1.101) After a moment the SR login window pops up. - we have users using passwords, not certs - enter the username and password, and SR exchanges keys w/ firewall After about 2 min I can ping and ssh machines in internal nets. after about 10 min I get the SA errors, and SR and the Firwall never re-establish another SA. > ip address in the firewall workstation object? (must be external) > Yes, its external and a valid ip address. Any ideas? -andy > > [email protected] wrote: > > > Hello: > > > > I've got the latest Fw1 on NT and Secure Remote Client installed and > > working. I've applied the sp2 to the FW1 server. > > > > I'm using IKE to connect, and it works, but there are two big problems: > > > > 1. exchanging keys takes 2 mins ! > > > > 2. after about 7-10 min, the Client loses its SA (security association) > > with the server. The server tries and tries to re-establish a sa, but it > > never happens. > > > > This happens on Secure Remote Clients on both win95 and win98. > > > > Has anyone come across this with Secure Remote Client and FW1? > > > > -andy diller > > > > ================================================================================ > > To unsubscribe from this mailing list, please see the instructions at > > http://www.checkpoint.com/services/mailing.html > > ================================================================================ > ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|