Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] SecuRemote can't exchange keys w/VPN-1

To: "Mills, Paul" <[email protected]>
Subject: Re: [FW1] SecuRemote can't exchange keys w/VPN-1
From: CryptoTech <[email protected]>
Date: Mon, 19 Feb 2001 09:42:58 -0500
Cc: [email protected]
References: <E693E9B1A5B0D31189BA0008C7910A5202780B93@srvex-arl.americredit.com>
Reply-to: [email protected]
Sender: [email protected]

Paul,
Just a few questions:
You got them to sell you gold support for an eval -- ah - no matter.

Is the firewall object ip the external interface?  Non-authenticated requests use
FWZ for topology download, which is not interface specific, but the key exchange and
encryption in SP1 will require that the client be able to communicate directly with
the ip address defined under manage->network objects-> <your firewall object - main
ip address>

Lemme know how this results.
Cheers,
CT

"Mills, Paul" wrote:

> Here are the details:
>
> VPN-1 4.1 SP1 on NT 4.0 Server(SP6a)
> Eval License
> SecuRemote build 4174
>
> I cannot get SecuRemote to authenticate with the firewall.  I can do a
> topology update but when I enter the username/password in SecuRemote, it
> says "Exchanging Keys with Firewall" and times out with a "Firewall did not
> answer" error message.
>
> I was on my way to trying Hybrid IKE authentication...I have already created
> the CA and the certificate.
> I have searched through saved emails from this list for the past year and
> have not found a solution.
>
> Encryption Domain is created; Exportable for SecuRemote is checked
> FW responds to unauthenticated topology requests
> FW object is configured with IKE (Pre-Shared Secret) and FWZ (Keys
> generated, FWZ encapsulate)
> User is created with IKE authentication (password); user is in the SR group
> Rule is S: SRgroup@any   D: Encryption Domain   Ser: Any   Act: Client
> Encrypt
> Client Encrypt properties NOT checked for "...desktop configuration
> options..."
>
> I need help on this.  I think my Checkpoint Gold support expired.
>
> Thanks in advance!
>
> Paul Mills
> CCSA, CCSE
> Data Security Analyst-Firewalls
>
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

References:
- [FW1] SecuRemote can't exchange keys w/VPN-1
  - From: "Mills, Paul" <[email protected]>

Prev by Date: Re: [FW1] Spam Mail problem
Next by Date: Re: [FW1] Nated machines can't access Internet
Previous by thread: [FW1] SecuRemote can't exchange keys w/VPN-1
Next by thread: [FW1] 1 to 1 NAT config questions, Help!
Index(es):
- Date
- Thread