[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] SecuRemote vpn-1 sp4
Problem also lies in that it would seem that they've forced ike by default which breaks any fwz securemote users. On 2001.10.18 09:08 Steven Thomason wrote: > Also, I have had the same problem. You use to be able to have multiple > options selected such as FWZ and IKE. Now with the latest service pack > you > must have only ONE option set for it to work correctly. For me to get > secure > clients to work correctly, I only choose IKE, 3DES, and whatever other > option I want (SHA1 or MDS). Do not configure anything else or give > multiple > options. It use to work fine but now has gotten very picky. > Steven > > -----Original Message----- > From: Arthur de Vera [mailto:[email protected]] > Sent: Wednesday, October 17, 2001 4:53 PM > To: [email protected] > Subject: Re: [FW-1] SecuRemote vpn-1 sp4 > > Michael, > > I noticed in the log entry, under the combined ESP, that Phase 2 > is > completing with DES + SHA1. Looks like you are set up to use DES + > MD5...you > might want to verify that on your Securemote users, under the VPN tab > setting, that you have MD5 checked off. You also want to verify on the > SecuRemote client machine itself, under one of the client menus ( I > forget > exactly the menu name ) that it also is set properly to DES + MD5, and > not > SHA1. > > Hope that helps. > > -----Original Message----- > From: Mailing list for discussion of Firewall-1 > [mailto:[email protected]]On Behalf Of > Michael Jonsson > Sent: Wednesday, October 17, 2001 11:21 AM > To: [email protected] > Subject: [FW-1] SecuRemote vpn-1 sp4 > > > Phase1 and Phase2 is complet but it is no encrypted traffic going through > the system, > it drops on the clean up rule. The securemote rule is "securemote@any > internalnet any client encrypt". > > **************************************************************************** > * > "0" "control" "ctl" "" "" " started sending log to localhost" > "1" "authcrypt" "" "securemote-public-ip" "" " reason Client > Encryption: > Authenticated by Pre-shared secret scheme: IKE methods: DES,IKE,MD5" > "2" "keyinst" "" "securemote-public-ip" "firewall" " IKE Log: Phase 1 > (aggressive) completion. DES/MD5/Pre shared secrets Negotiation Id: > a2261ab772541b02-0b7e3ea3ed284c17" > "3" "keyinst" "" "securemote-public-ip" "firewall" " scheme: IKE > methods: > Combined ESP: DES + SHA1 (phase 2 completion) for host: 192.168.50.150 > and > for subnet: 0.0.0.0 (mask= 0.0.0.0)" > "4" "drop" "ftp" "192.168.50.150" "ftp-server-int-ip" " len 48" > **************************************************************************** > * > > =============================================== > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > =============================================== > > > _________________________________________________________ > Do You Yahoo!? > Get your free @yahoo.com address at http://mail.yahoo.com > > =============================================== > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > =============================================== > > =============================================== > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > =============================================== > =============================================== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ===============================================
|