[FW-1] Re: [FW-1] Secure Remote issues FP3



Hello

When you write sr_users@any | INTERNAL_NET, FW | any | client encrypt | log
you authorize your securemote user to send start of connection cleartext
packets to FW

So it should read
sr_users@any | INTERNAL_NET | any | client encrypt | log
instead

Do you have your implicit rules activated?
If not
        Do you manage userc.c files in a specific way (i.e. preconfigure the
        laptops using SDS or sending userc.c by email to your users)?
                If not
                        Then, you need to authorize FW1_topo (port 264) from
                        any to the firewall. This is used by the clients to
                        download a security policy.
                If yes
                        Then you should debug connections both on the
                        firewall (vpn debug on|ikeon) and on the securemote
                        (c:\fwenc.log)
If yes
        See debug option above !!

On the other hand, make sure that your client is NOT installed with
securedesktop functions otherwise it will want to talk using the
PS_logon_NG protocol to the (non existing) policy server (by default the
firewall itself)

HTH

Ivan





Robert Leach <[email protected]>
Sent by: Mailing list for discussion of Firewall-1
<[email protected]>
12/11/2002 00:08
Please respond to Mailing list for discussion of Firewall-1


        To:  [email protected]
        cc:
        Subject: [FW-1] Secure Remote issues FP3

After creating a new policy with traditional rules and not simplified, I
now have an encrypt option under action; however, I seem to have a new
problem. I can authenticate the user but now I get "encryption failure"
received a cleartext packet within an encrypted connection". This is
Secure Remote not Secure Client so I don't have a policy server running.
I do have a "Desktop Security Tab" which has no rules; I also tried with
2 rules:

inbound
  any | sr_users | any | accept | log
outbound
  sr_users | any | any | accept | log

have also tried encrypt for action.

under the "Security Tab" I have the following

any | FW | AH, ESP, FW1_topo, IKE, IKE_tcp, RDP | accept | log

sr_users@any | INTERNAL_NET, FW | any | client encrypt | log

In global options I have the following checked

ACCEPT VPN1,FW1 connections



This is starting to drive me insane, what am I missing??? I know it's
likely to be something simple but I must be overlooking it.

__________________________
Robert Leach
ECOS Technologies
1410 Broadway, 27th Floor
New York, NY 10018
Phone:Fax:[email protected]
www.ecostech.com

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
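
The two rule-base checks suggested in the reply above, applied to the "Security Tab" rules quoted in the original post. This is an added example, not part of either message and not a Check Point tool; the pipe-separated format is only the notation used in this thread, and the function names and finding labels are hypothetical.

```python
# Added example. Rule notation as written in the thread:
#   source | destination | service | action | track
GATEWAY = "FW"  # gateway object name used in the posts

# "Security Tab" rules copied from the original post.
POSTED = """\
any | FW | AH, ESP, FW1_topo, IKE, IKE_tcp, RDP | accept | log
sr_users@any | INTERNAL_NET, FW | any | client encrypt | log
"""

def parse_rules(text):
    """Turn pipe-separated rule lines into dicts with list-valued columns."""
    rules = []
    for line in text.strip().splitlines():
        fields = [f.strip() for f in line.split("|")]
        if len(fields) != 5:
            raise ValueError(f"expected 5 columns, got {len(fields)}: {line!r}")
        src, dst, svc, action, track = fields
        split = lambda col: [item.strip() for item in col.split(",")]
        rules.append({"src": split(src), "dst": split(dst), "svc": split(svc),
                      "action": action.lower(), "track": track})
    return rules

def lint(rules, gateway=GATEWAY):
    """Return (rule_number, finding) pairs; rule_number 0 means rule-base wide."""
    findings = []
    for number, rule in enumerate(rules, start=1):
        # Point 1 of the reply: the gateway listed as a destination of a
        # client encrypt rule.
        if rule["action"] == "client encrypt" and gateway in rule["dst"]:
            findings.append((number, "gateway-in-client-encrypt-destination"))
    # Point 2 of the reply: FW1_topo (port 264) from any to the firewall. It only
    # matters when implied rules are off and userc.c is not distributed by hand.
    topo_allowed = any(
        rule["action"] == "accept" and "any" in rule["src"]
        and gateway in rule["dst"]
        and ("FW1_topo" in rule["svc"] or "any" in rule["svc"])
        for rule in rules)
    if not topo_allowed:
        findings.append((0, "no-fw1-topo-accept-to-gateway"))
    return findings

if __name__ == "__main__":
    for number, finding in lint(parse_rules(POSTED)):
        print(f"rule {number}: {finding}")
```

On the posted rules only the second rule is flagged: the first rule already accepts FW1_topo to the gateway, so the topology download check passes.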




 
   All contents © 2003 Network Presence, LLC. All rights reserved.