[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] IKE Encryption Problems with SecuRemote
I am not sure if problem has been fixed. If it is good but if not, you might want to make sure that you have a certificate on the fw gateway. I had a problem with IKE because I had a certificate on the management station and not on the fw gateway. HTH Yim --- Eduardo Eirós Valle <[email protected]> wrote: > Hola Don, > > Friday, January 11, 2002, 7:05:50 PM, escribió: > > D> I have been helping another user on this list > troubleshoot a SecuRemote > D> problem and at this point we are stumped. > > D> When FWZ is used, everything works fine. > > D> When IKE is used, nothing works. > > D> Users can download the topology but > authentication hangs. > > D> Traffic leaves the client system to UDP port 500, > arrives at the firewall, > D> and then nothing happens (verified through a > traffic dump). No return > D> traffic is generated at all. > > D> IKE is enabled on both sides, the user is defined > correctly, but the > D> remote firewall simply refuses to answer the > isakmp exchange. > > D> The client is running SR 4.1 SP5 on Win2k > Professional. > > D> The firewall is running 4.1 SP5 on Win2k Advanced > Server. > > D> Using this client I can connect to all of my > Nokia 4.1 firewalls. > > D> This is not working whether or not client side > NAT is involved. > > D> Any suggestions would be greatly appreciated. > > D> Rulebase consists of two rules: > D> remote_users@any internal-net ANY > Client_Encrypt > D> ANY ANY ANY ACCEPT > > D> Though we have tried many variations on rules and > configurations. > > D> -Don > > D> ================================================= > D> To set vacation, Out Of Office, or away messages, > D> send an email to [email protected] > D> in the BODY of the email add: > D> set fw-1-mailinglist nomail > D> ================================================= > D> To unsubscribe from this mailing list, > D> please see the instructions at > D> http://www.checkpoint.com/services/mailing.html > D> ================================================= > D> If you have any questions on how to change your > D> subscription options, email > D> [email protected] > D> ================================================= > > Hi, > > ¿Is there any info in the logs? Have you applied a > SP recently? > I´ve had problems with securemote where the key > exchange failed due to a bad cp.macro file. Take a > look at cp.macro file in order to > see if there are or not references related to IKE > (below MACRO fw1:4.1:vpnmgmt ca ) > > good luck > > > -- > > Eduardo Eirós Valle > mailto:[email protected] > > Nextel S.A. Ingeniería Telemática-Area de > Seguridad > > > Tlf: +34 944035555 Fax: +34 944035550 > > Parque Tecnológico Edif. 207, Bloque B, 1º > > 48170- Zamudio (Bizkaia) > > ================================================= > To set vacation, Out Of Office, or away messages, > send an email to [email protected] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [email protected] > ================================================= __________________________________________________ Do You Yahoo!? Send FREE video emails in Yahoo! Mail! http://promo.yahoo.com/videomail/ ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|