
Re: [FW-1] Problem setting up securemote connection to FW-1 SP3 (encryption failure: No peer gateway found for the destination scheme:



Hi,
you will need a rule accepting Client Encrypt, because the way you have
defined the rule will need a static peer.
Try to define a user group that smith is in. Then try this rule:
smithgroup@any    smiths_machine    PCanywhere  ClientEncrypt   long
So the user has to authenticate (which can also be automated). Check if the
properties of ClientEncrypt are set correctly - and then it should work.
Hope it helps
best regards
Matthias


Alan Choyna wrote:

> Hi folks,
>
> I'm trying to set up my FW-1 4.1 SP3 to be able to allow securemote
> (build 4188) access from external machines.
>
> The external PCs are each sitting behind a linksys router (firmware
> 1.40.1) using either DSL or Cable internet connections, using non static
> external IP addresses.
>
> I installed the encryption license (DES3), and have configured a user
> (smith) with the user Authentication scheme VPN-1 & Firewall 1 Password,
> with Encryption options IKE & FWZ checked.
>
> I have created the following rules:
>
> any     Smiths_machine_behind_FW1      PCanywhere      encrypt.
>
> We are using securemote (build 4188) and have checked the IKE option
> under tools/Encryption, and Force UDP encapsulation and Support IKE over
> TCP under its advanced settings.
>
> When smith tries to connect from his external PC, the following rejects
> appear in the Log "encryption failure: No peer gateway found for the
> destination scheme: IKE."
>
> Is the error because I do not have a domain object as the source? If so,
> how would I set up a domain object which doesn't have a static IP?
>
> What encryption/logon/securemote services should I allow?
>
> We wish to use DES3. Have I set the correct options on the user object?
> and the securemote client options?
>
> Anything special to do in the Policy properties?
>
> Sorry for all the questions, but there are so many variables here, that
> I find myself lost.
>
> Regards,
>
> Alan.
>
> ===============================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ===============================================
