Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] IKE Encryption Problems with SecuRemote

To: [email protected]
Subject: Re: [FW-1] IKE Encryption Problems with SecuRemote
From: Yim Lee <[email protected]>
Date: Wed, 23 Jan 2002 08:51:28 -0800
In-reply-to: <@nextel.es>
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

I am not sure if problem has been fixed.  If it is
good but if not, you might want to make sure that you
have a certificate on the fw gateway.  I had a problem
with IKE because I had a certificate on the management
station and not on the fw gateway.

HTH

Yim
--- Eduardo Eirós Valle <[email protected]> wrote:
> Hola Don,
>
> Friday, January 11, 2002, 7:05:50 PM, escribió:
>
> D> I have been helping another user on this list
> troubleshoot a SecuRemote
> D> problem and at this point we are stumped.
>
> D> When FWZ is used, everything works fine.
>
> D> When IKE is used, nothing works.
>
> D> Users can download the topology but
> authentication hangs.
>
> D> Traffic leaves the client system to UDP port 500,
> arrives at the firewall,
> D> and then nothing happens (verified through a
> traffic dump). No return
> D> traffic is generated at all.
>
> D> IKE is enabled on both sides, the user is defined
> correctly, but the
> D> remote firewall simply refuses to answer the
> isakmp exchange.
>
> D> The client is running SR 4.1 SP5 on Win2k
> Professional.
>
> D> The firewall is running 4.1 SP5 on Win2k Advanced
> Server.
>
> D> Using this client I can connect to all of my
> Nokia 4.1 firewalls.
>
> D> This is not working whether or not client side
> NAT is involved.
>
> D> Any suggestions would be greatly appreciated.
>
> D> Rulebase consists of two rules:
> D> remote_users@any    internal-net    ANY
> Client_Encrypt
> D> ANY                 ANY             ANY    ACCEPT
>
> D> Though we have tried many variations on rules and
> configurations.
>
> D> -Don
>
> D> =================================================
> D> To set vacation, Out Of Office, or away messages,
> D> send an email to [email protected]
> D> in the BODY of the email add:
> D> set fw-1-mailinglist nomail
> D> =================================================
> D> To unsubscribe from this mailing list,
> D> please see the instructions at
> D> http://www.checkpoint.com/services/mailing.html
> D> =================================================
> D> If you have any questions on how to change your
> D> subscription options, email
> D> [email protected]
> D> =================================================
>
> Hi,
>
> ¿Is there any info in the logs? Have you applied a
> SP recently?
> I´ve had problems with securemote where the key
> exchange failed due to a bad cp.macro file. Take a
> look at cp.macro file in order to
> see if there are or not references related to IKE
> (below MACRO fw1:4.1:vpnmgmt      ca   )
>
> good luck
>
>
> --
>
>   Eduardo Eirós Valle
> mailto:[email protected]
>
>   Nextel S.A. Ingeniería Telemática-Area de
> Seguridad
>
>
>   Tlf: +34 944035555  Fax: +34 944035550
>
>   Parque Tecnológico Edif. 207, Bloque B, 1º
>
>   48170- Zamudio (Bizkaia)
>
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================


__________________________________________________
Do You Yahoo!?
Send FREE video emails in Yahoo! Mail!
http://promo.yahoo.com/videomail/

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

References:
- Re: [FW-1] IKE Encryption Problems with SecuRemote
  - From: Eduardo Eirós Valle <[email protected]>

Prev by Date: Re: [FW-1] policy editor access problem
Next by Date: [FW-1] second save freezes gui client
Previous by thread: Re: [FW-1] IKE Encryption Problems with SecuRemote
Next by thread: Re: [FW-1] IKE Encryption Problems with SecuRemote
Index(es):
- Date
- Thread