[FW-1] NG VPN-1/Secure Client - FWZ works, IKE doesn't, no errors reported.
Dear firewallers -

This is my scenario:

Running the latest build of NG and Secure Client on a hardened NT test box. Built the firewall from a ruleset based on a previous-version working box with IKE VPN. Installed fresh certificates for everything. Attempted test with various encryption levels - reduced to lowest for this example:

Tested Secure Client with FWZ and it works fine; change to IKE and the logs are as follows:

"login - SSL - DES+ SHA1, Internal Password :Success reason: User authenticated by Firewall. Sending SSL Encrypted Topology, using IKE authentication"

...then if I ping a host or telnet to an SMTP port of a known server (i.e. the same test for FWZ) there is no response and the firewall log displays:

"Key Install - IKE - ESP DES + SHA1 IKE: Quick Mode completion IKE IDs: host: [internal host IP address] and host: [external host IP address]"

...so with IKE perhaps somewhere the packets are being dropped, rerouted, or otherwise ignored, but neither party is complaining.

Checked and confirmed that:

- The ISP is not using NAT in any way.
- The ping firewall hostname test works on the server - it returns its external IP address.
- I am installing the policy at the firewall each time and deleting and reloading the topology each time on the client.

Any ideas?

Chris Glaister
Network analyst (CCSA/CCSE)
Capital International Limited.