[FW-1] SecuRemote not working. Should I use Hybrid IKE?



Currently, from my W2K PC behind my Linksys router (most current
firmware), I can update the site with the current key successfully using
SecuRemote (build 4188) from our Nokia IP440 (version 4.1 SP3).

But whenever I try to use telnet, FTP or Timbuktu (these are all I've
tried so far) using the internal IP on our internal network behind our
Nokia IP440, I authenticate successfully, but then nothing happens; it
seems to hang, and there are no messages in the log file after the
successful authentication message.

I am using IKE only with UDP encapsulation and support IKE over TCP
options. FW-1 is also configured to use IKE. I have set all of my
encryption and FW1 profile settings to log everything.

I am running on a 192.168.5.* network behind the Linksys, and our
internal network behind the IP440 is 1192.68.50.*, so I am sure it's not
the IP getting it confused.

I have also set Hybrid Mode SecuRemote authentication on the firewall
object, but have not yet set up the certificate authority. Could that be
confusing it?

My FW rule is:  secureremote@any    securegroup    any    client encrypt    log long.

I have seen that there are some things I could do, like use hybrid IKE.
I was told to use this because we are running SecuRemote from clients
behind a Linksys router using DSL (no static IP address); I was advised
that we should be using hybrid mode IKE authentication.

To set up the certificate authority, I telnet to the IP440 (we don't have
a separate management station), CD to $FWDIR/bin, stop the firewall
and then use the following command:

fw internalca certify -o trek "o=boston, c=us"

What do the "o=boston" and "c=us" options mean? Should I be changing
these values to something for our site? Is "boston" a remote user?
Should I do this process for each user?

I have also seen people recommend adding:

:dns_xlate (true)
:dns_encrypt (true)

to the userc.C file on the firewall. Where do I insert it? Does anything
have to be done to the objects.C file?

Sorry for all the questions, but I really want to get it right soon, as
I'm getting management pressure.

Regards,

Alan.

   All contents © 2004 Network Presence, LLC. All rights reserved.