[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [FW1] Problem with secure remote
Hi Eyal,
I had the same problem with SecuRemote. Here's an help file. I've followed
all the instructions and everything's working fine now.
-----Original Message-----
From: Eyal Rif [mailto:[email protected]]
Sent: 14 décembre, 2000 16:53
To: '[email protected]'
Subject: [FW1] Problem with secure remote
Hi,
I recently encountered an error with secure remote after installing SP2
(strong version) on fw4.1 (Solaris).
While trying to create a site within secure remote I get the following error
:
Site xx.xx.xx.xx says that it is not a Certificate Authority, and check
whether xx.xx.xx.xx is indeed a FW-1 control station.
This definitely not a licenses problem since I currently have all the
licenses needed.
Did anybody encountered this problem before ?
Any help will be appreciated......
Thanks,
============================================================================
====
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
============================================================================
====
Attachment:
SecuRemotehelp.doc
Description: MS-Word document
1)
Solution: Error: "Site at X.X.X.X is not licensed to be a Certificate
Authority......" (55.0.633)
On the Management Station go to Security Policy Editor -> Policy ->
Properties -> Desktop Security and un-check the following boxes:
Desktop is Enforcing Required Policy
Policy is installed on Interfaces
Only TCP/IP Protocols are used
Install the policy
Problem Description
Error: "Site at X.X.X.X is not licensed to be a Certificate Authority......"
Unable to download topology
Error message on the SecuRemote client
-2)---------------------------------------------------
Solution: Error: "Site <IP_Address> says that it is not a Certificate
Authority" (36.0.333)
1. If using IKE, make sure that in the Policy Properties > Encryption tab
that Respond to Unauthenticated Cleartext Topology Requests isn't enabled.
2. If using FWZ, open the FireWall object and go to the Encryption tab. Edit
FWZ to make sure the CA and DH keys are generated.
3. Setup a static NAT for the management station on the FireWall. The
SecuRemote client will need to contact this valid address for the management
station in order to receive the CA and DH keys. After this the encryption
tunnel will be setup to the FireWall and SecuRemote can work with the
invalid IP addresses.
Problem Description
Error: "Site <IP_Address> says that it is not a Certificate Authority"
-3)-------------------------------------------------------
Solution: Authentication problems when using the FWZ encryption scheme on
Windows 9X machines. (3.947)
There are three possible solutions:
1. Change the router, or
2. Modify the router policy, or
3. Increase the MTU of your Client to 1500. The packet will therefore not be
fragmented, and will reach FireWall-1. To do this:
Use Control Panel Network to view the Network Properties.
Double-click on the modem adapter,
Click the Advanced tab, and
Choose Large packet size.
Reboot.
Problem Description
Authentication problems when using the FWZ encryption scheme on Windows 9X
machines.
Dial-Up Network DUN 1.3 is installed. (DUN 1.3 is installed by default on
Windows 98)
