[FW-1] Securemote 4.1 issues
I'm having some problems with VPN-1 Secureclient 4.1 3-des build 4200. It's talking to the 4.1 firewall successfully, downloads and updates the keys/encryption domain properly, and asks for username/password when I try to access a subnet in the encrypted_zone. However, when it attempts "exchanging keys with a firewall" it always returns with the following error message:

    Error: No answer received from a firewall at site XX.XX.XX.XX. If this problem persists, please contact your system administrator.

What's most odd is I get *NOTHING* in the log viewer. I've even gone through the Main properties and turned on any extra logging I could find. Still no indication of what's actually wrong.

The main firewall module is running:

    # fw ver -k
    This is Check Point VPN-1(TM) & FireWall-1(R) Version 4.1 Build 41624 [VPN + DES + STRONG]
    kernel: Version 4.1 [VPN + DES + STRONG] Build 41512

Licensing is all good; we are replacing an older VPN-1 box with newer hardware. The great 2003 blackout knocked the old one around and it's become unstable. I can't get into it with the GUI to compare rulesets/settings; for now it's barely running and we need to get this new box in to replace it.

I have the core VPN rule as follows, and for testing purposes so far I have NO OTHER RULES IN THE RULESET.

    Source          Destination      Service   Action           Track   Install On
    VPN_USERS@any   Encrypted_zone   Any       Client Encrypt   Long    Gateways

*Note - Client Encrypt: I've tried ignore and intersect with the database; the same error is produced.

The Encrypted_zone is several subnets behind the VPN that we wish to allow access to.

The firewall object is marked as a VPN-1/FW1 4.1, Internal, Gateway, Management Station, with the proper IPs and subnets (external first). The VPN page has the same "encrypted_zone" object used in the rule above using only FWZ, and encapsulation is checked after the Key manager/DH key page. The Authentication page is set to use the VPN-1/FW-1 Password only. No certs or NATing; SNMP is disabled.
My test user is in the VPN_USERS group, and the user database has been pushed to the firewall.

From what I understand, and the documentation I've located on the net, everything appears to be set up correctly. The Securemote client pops up and asks for the password for any of the subnets in the encrypted_zone; I've updated it regularly if the encrypted_zone has changed. Just no go.

If you have any advice or suggestions I'm all ears.

-Tim