[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW-1] SecuRemote with IKE
Hello again, Thought everthing was solved..but it seems after one thing is solve anothe problem pops-up. I dont get the "User not define properly" anymore. But it seems i dont get any response either. When i ping using my SRClient to the internal ip, i get a request timeout. Accesing the internal web gives nothing either. Even pinging to the FW external ip gives me the same result. I've allowed rules for pinging the internal ip and allowed a rule for SRClient to go into the internal lan.This is how my rule base looks like 1. ANY FW RDP IKE Accept UDP_2746 UDP_500 2.SRGroup@Any Encyrpt_Domain Any ClientEncrpyt FW 3.Encrypt_Domain Any Any Accept 4.Any Encyrpt_Domain icmp Accept At my FW object i chose both UDP and FWZ as my encryption scheme. I've checked the Exportable for Secure Remote box. I've generated both the Local and the DH keys for my FWZ scheme. And for IKE i choose all three types of key exchange, DES,3DES and CAST. For the User object however, i've only set IKE as my encryption method and i selected DES as my encryption algorithm. At my SRClient i've also choose IKE as my encryption scheme and i only check "IKE over TCP" for IKE Settings. I wonder if theres anything else that i miss. Authentication to Firewall was great but after that nothing happens. >From the Firewall logs i can see that key exchange does happen and when i tried accesing my internal webpages, i can see that traffic from the SRClient to the internal ip is getting decrypted for http services, but im not getting my webpage. ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|