[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] SecuRemote problem
Do all the encryption modes jive for everything ( i.e. the users are defined for 3DES, they are using the 3DES Secure Client, and its set correctly on the firewall object?) Andy David J. Muller International / Egis, Inc. -----Original Message----- From: Little, Craig (SSI-SIAP-NP5) [mailto:[email protected]] Sent: Wednesday, September 20, 2000 11:42 AM To: [email protected] Subject: [FW1] SecuRemote problem -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This is another of what seems to be an ever ending list of problems with SecuRemote in recent weeks. I have upgraded from 4.1 SP1 DES to 4.1 SP2 3DES tonight. In order to make sure things worked, I backed up my config files, uninstalled, reinstalled and restored config files (obejcts.C, rulebases.fws etc), and re-applied the Split/Encrypted DNS mods. When my SecuRemote users (mixture of 4157 and 4165, all DES) log in, they are authenticated correctly, but they cannot communicate with any machines on the network. I can see the nameserver and nbname packets correctly directed to the DNS and WINS servers in the logs, but info is not returned to the client. Pinging a machine by IP address shows the decrypted packet come into the network, but there is no echo-reply. There have been no routing changes, no changes to the Pool NAT configuration. The only change is the installation of the 3DES software and upgrade to SP2. I have followed all the usual procedures - push the policy out to the servers, update the site info in SR, but nothing seems to work. It's almost as though there is no state info to allow the packets back out to the SR users - but nothing is being dropped (at least not in the logs). I have 3 hours to get this fixed, or roll back to SP1. Any ideas? Craig. -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com> iQA/AwUBOcgw+4AS1Tpq5ZYvEQJZUgCff22biEC4fiBodz7gRDgZWavdwPAAnj8+ VaCxFXSCNnoI817w8EF4D+Ce =Vt33 -----END PGP SIGNATURE----- ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|