[FW-1] Ref.: [FW-1] Secure Remote issues FP3
Hello,

When you write

  sr_users@any | INTERNAL_NET, FW | any | client encrypt | log

you authorize your securemote user to send start-of-connection cleartext packets to FW.

So it should read

  sr_users@any | INTERNAL_NET | any | client encrypt | log

instead.

Do you have your implicit rules activated?

If not
  Do you manage userc.c files in a specific way (i.e. preconfigure the laptops using SDS or sending userc.c by email to your users)?
  If not
    Then, you need to authorize FW1_topo (port 264) from any to the firewall. This is used by the clients to download a security policy.
  If yes
    Then you should debug connections both on the firewall (vpn debug on|ikeon) and on the securemote (c:\fwenc.log)
If yes
  See debug option above !!

On the other hand, make sure that your client is NOT installed with securedesktop functions; otherwise it will want to talk using the PS_logon_NG protocol to the (non-existing) policy server (by default the firewall itself).

HTH
Ivan

Robert Leach <[email protected]>
Sent by: Mailing list for discussion of Firewall-1 <[email protected]>
12/11/2002 00:08
Please reply to: Mailing list for discussion of Firewall-1
To: [email protected]
cc:
Subject: [FW-1] Secure Remote issues FP3

After creating a new policy with traditional rules and not simplified, I now have an encrypt option under action; however, I seem to have a new problem.

I can authenticate the user but now I get "encryption failure" "received a cleartext packet within an encrypted connection"

This is Secure Remote, not Secure Client, so I don't have a policy server running.

I do have a "Desktop Security Tab" which has no rules. I also tried with 2 rules:

  inbound any | sr_users | any | accept | log
  outbound sr_users | any | any | accept | log

I have also tried encrypt for action.

Under the "Security Tab" I have the following:

  any | FW | AH, ESP, FW1_topo, IKE, IKE_tcp, RDP | accept | log
  sr_users@any | INTERNAL_NET, FW | any | client encrypt | log

In global options I have the following checked:

  ACCEPT VPN1,FW1 connections

This is starting to drive me insane. What am I missing??? I know it's likely to be something simple but I must be overlooking it.

__________________________
Robert Leach
ECOS Technologies
1410 Broadway, 27th Floor
New York, NY 10018
Phone:Fax:[email protected]
www.ecostech.com

Only the named recipient(s) should read this e-mail. It may contain privileged or confidential information. If you are not a named recipient or you received this email by mistake, please notify me immediately by reply email and delete the message.

=================================================
To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options, email [email protected]
=================================================