[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW1] SecuRemote IKE Hybrid Mode Authentication
Hi, I have configured SecuRemote and IKE Hybrid Mode Authentication, moreover I had to add the :resolve_multiple_interfaces (true) in objects.C. SR is latest (4.1SP3 hotfix xy). Firewall CP 4.1SP3. Rulebase: any firewall-public-int IKE,AH,ESP allow any firewall-object any drop firewall-object any any drop myuser@any encryption-domain ftp clientencrypt Topodownload works quite fine. After authentication of the user there are two log entries for IKE phase 1 and phase 2 negotiation, both are valid. There are only IKE phase1 and phase2 log entries in IKE.elg (gateway). Due to entries in fwenc.log (SecuRemote) the client is trying x times to send encrypted packets to the gateway but the gateway seems not to respond. SecuRemote error: Communication with site (IP Address) has failed. Alltogether it seems that finally SecuRemote tries to reach the wrong IP address not the one which was used for IKE key exchange. Looking at fwenc.log gives me not very much more hints, as I don't know what Checkpoint has implemented. Any hint is really appreciated. Cheers, Josef ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|