[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] SecRemote: No answer received ...
Hi, Check that following :- 1. Do you have the IP address of the firewall's external interface listed in the first page of the firewall object 2. Does the IP NAT pool have a routing entry at OS level that maps it to the fw object, also does the internal network know where to route this network to ? 3. what does the firewall log say ? Look for any deauthorise type events Note that you need to turn this on with Policy, Properties, Log implied rules Policy, IP NAT Pool, Log address allocation and release On the client encrypt rule you have - select long logging. 4. If you are trying to use IKE then you can only download the topology from outside your network (ie dialed up) - whereas FWZ allows this internally and externally. 5. Ensure that you only have ONE default gateway on your firewall - this should be at OS level and only on the Internet facing interface, all other interfaces have no default gateway. You also don't need to modify the HOSTS file for the topo download, although you will want DNS/WINS to work for network browsing - this is not your first problem though. Is the rest of the FW working OK or is it only doing VPN comms ? HTH Cheers Tim -----Original Message----- From: Christoph Nagelreiter [mailto:[email protected]] Sent: 23 January 2001 09:13 To: Secure 1 Mailing List (E-Mail) Subject: [FW1] SecRemote: No answer received ... Hi, After i downloaded the topology, i´m always getting the same error message: No answer received from a FireWall at site x Firewall configuration: FWZ encryption (--> encapsulation), IP Nat Pool (private ip), Users (FW-1 password), encdomain(our intranet) Client configuration: encryption FWZ, it´s possible to get an update from fw-1, set password ( but i don´t get a logon confirmation!) Do i have a routing problem? Where do i configure my firewall as default gateway? Do i have to modify the hosts-file at the client? Thank you. chris ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ************************************************************************ The information in this email is confidential and is intended solely for the addressee(s). Access to this email by anyone else is unauthorised. If you are not an intended recipient, you must not read, use or disseminate the information contained in the email. Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the views of The Capital Markets Company. http://www.capco.com *********************************************************************** ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|