[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] SecuRemote vpn-1 sp4
Michael, I noticed in the log entry, under the combined ESP, that Phase 2 is completing with DES + SHA1. Looks like you are set up to use DES + MD5...you might want to verify that on your Securemote users, under the VPN tab setting, that you have MD5 checked off. You also want to verify on the SecuRemote client machine itself, under one of the client menus ( I forget exactly the menu name ) that it also is set properly to DES + MD5, and not SHA1. Hope that helps. -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[email protected]]On Behalf Of Michael Jonsson Sent: Wednesday, October 17, 2001 11:21 AM To: [email protected] Subject: [FW-1] SecuRemote vpn-1 sp4 Phase1 and Phase2 is complet but it is no encrypted traffic going through the system, it drops on the clean up rule. The securemote rule is "securemote@any internalnet any client encrypt". **************************************************************************** * "0" "control" "ctl" "" "" " started sending log to localhost" "1" "authcrypt" "" "securemote-public-ip" "" " reason Client Encryption: Authenticated by Pre-shared secret scheme: IKE methods: DES,IKE,MD5" "2" "keyinst" "" "securemote-public-ip" "firewall" " IKE Log: Phase 1 (aggressive) completion. DES/MD5/Pre shared secrets Negotiation Id: a2261ab772541b02-0b7e3ea3ed284c17" "3" "keyinst" "" "securemote-public-ip" "firewall" " scheme: IKE methods: Combined ESP: DES + SHA1 (phase 2 completion) for host: 192.168.50.150 and for subnet: 0.0.0.0 (mask= 0.0.0.0)" "4" "drop" "ftp" "192.168.50.150" "ftp-server-int-ip" " len 48" **************************************************************************** * =============================================== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html =============================================== _________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com =============================================== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ===============================================
|