Re: [FW-1] Securemote 4.1 issues
You can turn on all VPN logging under global properties.

Wayne

--- Tim Brigley <[email protected]> wrote:
> I'm having some problems with VPN-1 Secureclient 4.1 3-des build 4200.
> It's talking to the 4.1 firewall successfully, downloads and updates the
> keys/encryption domain properly, asks for username/password when I try to
> access a subnet in the encrypted_zone, however when it attempts to
> "exchanging keys with a firewall" it always returns with the following
> error message
>
> Error: No answer received from a firewall at site XX.XX.XX.XX. If this
> problem persists, please contact your system administrator.
>
> What's most odd is I get *NOTHING* in the log viewer.. I've even gone
> through the Main properties and turned on any extra logging I find. Still
> no indication of what's actually wrong.
>
> The main firewall module is running
> # fw ver -k
> This is Check Point VPN-1(TM) & FireWall-1(R) Version 4.1 Build 41624 [VPN + DES + STRONG]
> kernel: Version 4.1 [VPN + DES + STRONG] Build 41512
>
> Licensing is all good, we are replacing an older VPN-1 box with newer
> hardware, the great 2003 blackout knocked the old one around and it's
> become unstable.. I can't get into it with the GUI to compare
> rulesets/settings, for now it's barely running and we need to get this new
> box in to replace it.
>
> I have the core VPN rule as follows, and for testing purposes so far I
> have NO OTHER RULES IN THE RULESET.
>
> Source         Destination     Service  Action          Track  Install On
> VPN_USERS@any  Encrypted_zone  Any      Client Encrypt  Long   Gateways
>
> *Note - Client Encrypt: I've tried ignore and intersect with the database,
> the same error is produced.
>
> The Encrypted_zone is several subnets behind the VPN that we wish to allow
> access to.
>
> The firewall object is marked as a VPN-1/FW1 4.1, Internal, Gateway,
> Management Station.
> the proper IPs and subnets (external first). The VPN page has the same
> "encrypted_zone" object used in the rule above using only FWZ, and
> encapsulation is checked after the Key manager/DH key page. The
> Authentication page is set to use the VPN-1/FW-1 Password only. No Certs
> or NATing, SNMP is disabled.
>
> My test user is in the VPN_USERS group, and the user database has been
> pushed to the firewall.
>
> From what I understand, and the documentation I've located on the net,
> everything appears to be set up correctly.. the Securemote client pops up
> and asks for the password for any of the subnets in the encrypted_zone,
> I've updated it regularly if the encrypted_zone has changed. Just no go.
>
> If you have any advice or suggestions I'm all ears.
>
> -Tim

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================