Re: [FW1] Secure Remote doesn't perform authentication

[Greg Polanski <greg_polanski@FW1-NOSPAMadc.com>]

I have fought the same problem.  Here is what I have learned.

1. 
Drop any domain objects in objects.C
	Even though the domain objects had nothing to do with my
	securemote rules, they killed FW performance such that
	the IKE process did not get enough resources to run.

	You can confirm the interaction by
	tcpdump .... port 500 or snoop -d ... port 500
	You will see the client connecting, but the FW is slow/never
	answers

2. 
fwhmem  The default fwhmem has been too small in my environment.
	One cause may have been the domain objects.  Making fwhmem bigger
	improved VPN

3. 
If linksys, LATEST firmware, then enable IPSEC pass through

4. 
If any wireless LAN, LATEST firmware.  One vendor had problem
	with MTU sizes and assembling packets.

greg


> -----Original Message-----
> From: Rui Ribeiro [mailto:rui@techemail.com]
> Sent: Wednesday, August 22, 2001 10:52 AM
> To: fw-1-mailinglist@beethoven.us.checkpoint.com
> Cc: eduardopereirabm@hotmail.com
> Subject: [FW1] Secure Remote doesn't perform authentication
>
>
>
>
> Hi folks.
>
> We're having quite of a rough time w/ Secure Remote and FW-1 4.1.
>
> When we're authenticating a client with a Secure remote, after inputting the
> user name and password is:
>
> 1) clicking in the secure remote icon, it displays the message "Exchanging
> keys with a firewall"
>
> 2) After a while, i.e. peharps a minute, the machine displays a message box
> with the following text "Error: no answer received from a Firewall at site
> .x.x.. If the problem persists, please contact your system
> administrator.
>
> 3) There also aren't any logs of the user login.
>
> The version of the firewall and capabilities are the same as the
> SecureRemote client.
> The tests via the users and port 259 perform without any trace of problems.
> We're also able to syncronize the site in the secureremote icon.
>
> So has somebody any sugestion for this problem?
>
> Thanks in advance,
> Rui Ribeiro
>
>
> _____________________________________________________________
> Are you a Techie? Get Your Free Tech Email Address Now! Visit
> http://www.TechEmail.com
>
>
> ============================================================================
> ====
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ============================================================================
> ====
>
>
>
>
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================


--
_______________________________________________________________
Greg Polanski                    mailto:greg_polanski@adc.com
ADC Telecommunications, IncMSFAX
PO Box 1cell/pager
Minneapolis, MN  55440-493@mobile.att.net
_______________________________________________________________



================================================================================
    To unsubscribe from this mailing list, please see the instructions at
              http://www.checkpoint.com/services/mailing.html
================================================================================