Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] "Make sure that the user is properly defined on the firewall"

To: [email protected]
Subject: Re: [FW-1] "Make sure that the user is properly defined on the firewall"
From: Tim Jones <[email protected]>
Date: Tue, 18 Dec 2001 16:36:52 -0800
In-reply-to: <[email protected]>
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

Hello.

We created a custom installation by taking the userc.c
file from a working install and using it on the CD.
One of the issues we ran into, however, is that you
can't see nor change the encryption scheme -- the menu
option simply isn't there.  Any idea why this would
occur?   I know it's right in this case (we use IKE,
and I can see the initial IKE packet(s) coming from
the client in log viewer), but I found this strange
nonetheless.

The software matches as well... 3DES in both cases.

By looking at the log viewer and running tcpdump, I
can see an IKE packet come from the client, then
firewall tries a key exchange by sending a packet or
two to the client.  This is when the client gets the
aforementioned error, though.  Also of note is that
the final ISAKMP (sp) packet is a 'NOTIFICATION'
packet as per tcpdump.  Not sure if this is relevant
to anything or not.

Thanks,
Tim



--- Yim Lee <[email protected]> wrote:
> Tim,
>
> 1.  Make sure the user's encryption scheme (IKE or
> FWZ) on the client is the same as the user profile
> on
> the firewall.
>
> 2.  Make sure the user has the correct securemote
> software (DES or Strong DES) that matches the
> firewall
> properties.
>
> Yim
> --- Tim Jones <[email protected]> wrote:
> > Hello.
> >
> > Does anyone know what the error "make sure that
> the
> > user is properly defined on the firewall." means
> in
> > SecureRemote?  A new VPN user is getting this
> error
> > upon key exchange, but I can authenticate with his
> > account just fine from my own machine.
> >
> > Thanks!
> >
> > __________________________________________________
> > Do You Yahoo!?
> > Check out Yahoo! Shopping and Yahoo! Auctions for
> > all of
> > your unique holiday gifts! Buy at
> > http://shopping.yahoo.com
> > or bid at http://auctions.yahoo.com
> >
> > =================================================
> > To set vacation, Out Of Office, or away messages,
> > send an email to [email protected]
> > in the BODY of the email add:
> > set fw-1-mailinglist nomail
> > =================================================
> > To unsubscribe from this mailing list,
> > please see the instructions at
> > http://www.checkpoint.com/services/mailing.html
> > =================================================
> > If you have any questions on how to change your
> > subscription options, email
> > [email protected]
> > =================================================
>
>
> __________________________________________________
> Do You Yahoo!?
> Check out Yahoo! Shopping and Yahoo! Auctions for
> all of
> your unique holiday gifts! Buy at
> http://shopping.yahoo.com
> or bid at http://auctions.yahoo.com
>
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================


__________________________________________________
Do You Yahoo!?
Check out Yahoo! Shopping and Yahoo! Auctions for all of
your unique holiday gifts! Buy at http://shopping.yahoo.com
or bid at http://auctions.yahoo.com

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

References:
- Re: [FW-1] "Make sure that the user is properly defined on the firewall"
  - From: Yim Lee <[email protected]>

Prev by Date: Re: [FW-1] VPN-1
Next by Date: Re: [FW-1] Floodgate Problems
Previous by thread: Re: [FW-1] "Make sure that the user is properly defined on the firewall"
Next by thread: [FW-1] Routing for 2 vlans
Index(es):
- Date
- Thread