[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] Problem with secure remote
Hi Eyal, I had the same problem with SecuRemote. Here's an help file. I've followed all the instructions and everything's working fine now. -----Original Message----- From: Eyal Rif [mailto:[email protected]] Sent: 14 décembre, 2000 16:53 To: '[email protected]' Subject: [FW1] Problem with secure remote Hi, I recently encountered an error with secure remote after installing SP2 (strong version) on fw4.1 (Solaris). While trying to create a site within secure remote I get the following error : Site xx.xx.xx.xx says that it is not a Certificate Authority, and check whether xx.xx.xx.xx is indeed a FW-1 control station. This definitely not a licenses problem since I currently have all the licenses needed. Did anybody encountered this problem before ? Any help will be appreciated...... Thanks, ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== Attachment:
SecuRemotehelp.doc 1) Solution: Error: "Site at X.X.X.X is not licensed to be a Certificate Authority......" (55.0.633) On the Management Station go to Security Policy Editor -> Policy -> Properties -> Desktop Security and un-check the following boxes: Desktop is Enforcing Required Policy Policy is installed on Interfaces Only TCP/IP Protocols are used Install the policy Problem Description Error: "Site at X.X.X.X is not licensed to be a Certificate Authority......" Unable to download topology Error message on the SecuRemote client -2)--------------------------------------------------- Solution: Error: "Site <IP_Address> says that it is not a Certificate Authority" (36.0.333) 1. If using IKE, make sure that in the Policy Properties > Encryption tab that Respond to Unauthenticated Cleartext Topology Requests isn't enabled. 2. If using FWZ, open the FireWall object and go to the Encryption tab. Edit FWZ to make sure the CA and DH keys are generated. 3. Setup a static NAT for the management station on the FireWall. The SecuRemote client will need to contact this valid address for the management station in order to receive the CA and DH keys. After this the encryption tunnel will be setup to the FireWall and SecuRemote can work with the invalid IP addresses. Problem Description Error: "Site <IP_Address> says that it is not a Certificate Authority" -3)------------------------------------------------------- Solution: Authentication problems when using the FWZ encryption scheme on Windows 9X machines. (3.947) There are three possible solutions: 1. Change the router, or 2. Modify the router policy, or 3. Increase the MTU of your Client to 1500. The packet will therefore not be fragmented, and will reach FireWall-1. To do this: Use Control Panel Network to view the Network Properties. Double-click on the modem adapter, Click the Advanced tab, and Choose Large packet size. Reboot. Problem Description Authentication problems when using the FWZ encryption scheme on Windows 9X machines. Dial-Up Network DUN 1.3 is installed. (DUN 1.3 is installed by default on Windows 98)
|