[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW1] SecuRemote connection is dropped, although "allowed" (auth succe eds)
Hi, I have configured SecuRemote and IKE Hybrid Mode Authentication, moreover I had to add the :resolve_multiple_interfaces (true) in objects.C. SR is latest (4.1SP3 hotfix xy). Firewall CP 4.1SP3. Rulebase: 1. any firewall-public-int IKE,AH,ESP allow RDP,Topo 2. any firewall-object any drop 3. firewall-object any any drop 4. myuser@any encryption-domain ftp,http Client Encrypt 5. any any any drop Topodownload works quite fine. After authentication of the user there are two log entries for IKE phase 1 and phase 2 negotiation, both are valid. After that the SecuRemote Client starts to send ESP packets which pass the outer router. Firewall Log shows entries dropping the connection at the cleanup rule although especially the service (http) is allowed (Client Encrypt)! Unfortunately this log entry does not show any username (is this necessary), as well the Interfaces field is not daemon but rather qfeX (where X is the adapter to the internet). Shouldn't it be daemon? SecuRemote error: Communication with site (IP Address) has failed. Any hint is really appreciated. Cheers, Josef ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|