NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] SecuRemote vpn-1 sp4



Michael,

        I noticed in the log entry, under the combined ESP, that Phase 2 is
completing with DES + SHA1. Looks like you are set up to use DES + MD5...you
might want to verify that on your Securemote users, under the VPN tab
setting, that you have MD5 checked off. You also want to verify on the
SecuRemote client machine itself, under one of the client menus ( I forget
exactly the menu name ) that it also is set properly to DES + MD5, and not
SHA1.

Hope that helps.

-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:[email protected]]On Behalf Of
Michael Jonsson
Sent: Wednesday, October 17, 2001 11:21 AM
To: [email protected]
Subject: [FW-1] SecuRemote vpn-1 sp4


Phase1 and Phase2 is complet but it is no encrypted traffic going through
the system,
it drops on the clean up rule. The securemote rule is "securemote@any
internalnet any client encrypt".

****************************************************************************
*
"0"  "control" "ctl" ""    ""    "  started sending log to localhost"
"1" "authcrypt" "" "securemote-public-ip" ""   " reason Client Encryption:
Authenticated by Pre-shared secret scheme: IKE methods: DES,IKE,MD5"
"2" "keyinst" "" "securemote-public-ip" "firewall"  " IKE Log: Phase 1
(aggressive) completion. DES/MD5/Pre shared secrets Negotiation Id:
a2261ab772541b02-0b7e3ea3ed284c17"
"3" "keyinst" "" "securemote-public-ip" "firewall"  " scheme: IKE methods:
Combined ESP: DES + SHA1 (phase 2 completion) for host: 192.168.50.150 and
for subnet: 0.0.0.0 (mask= 0.0.0.0)"
"4" "drop"  "ftp"  "192.168.50.150"  "ftp-server-int-ip" " len 48"
****************************************************************************
*

===============================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
===============================================


_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com

===============================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
===============================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.