
RE: [FW1] SecRemote: No answer received ...




Remember FWZ does not encapsulate the IP portion of the packet.  Only the
data portion.  NAT'ng could be giving issues.

Check the users.c file for the correct topology info.


Tim Cullen
CCSA, CCSE
DigitalMoJo, Inc.

-----Original Message-----
From: Chilton Tim [mailto:[email protected]]
Sent: Tuesday, January 23, 2001 9:35 AM
To: 'Christoph Nagelreiter'; Secure 1 Mailing List (E-Mail)
Subject: RE: [FW1] SecRemote: No answer received ...



I received this from someone who preferred to (has to :->) remain anonymous,
posting on their behalf.

RAM upgrade will make the VPN run much better. Ask your VAR about
CPVA-A440-256M-D; 256MB DIMM Upgrade Kit (this is the number for a 440)
There's also a Nokia Hardware accelerator card...don't know the price
though....


-----Original Message-----
From: Chilton Tim [mailto:[email protected]]
Sent: 23 January 2001 13:36
To: 'Christoph Nagelreiter'; Secure 1 Mailing List (E-Mail)
Subject: RE: [FW1] SecRemote: No answer received ...



Hi,

Check the following :-

1. Do you have the IP address of the firewall's external interface listed in
the first page of the firewall object ?

2. Does the IP NAT pool have a routing entry at OS level that maps it to the
fw object, also does the internal network know where to route this network
to ?

3. What does the firewall log say ?
Look for any deauthorise type events
Note that you need to turn this on with 
	Policy, Properties, Log implied rules 
	Policy, IP NAT Pool, Log address allocation and release
	On the client encrypt rule you have - select long logging.

4. If you are trying to use IKE then you can only download the topology from
outside your network (ie dialed up) - whereas FWZ allows this internally and
externally.

5. Ensure that you only have ONE default gateway on your firewall - this
should be at OS level and only on the Internet facing interface, all other
interfaces have no default gateway.

You also don't need to modify the HOSTS file for the topo download, although
you will want DNS/WINS to work for network browsing - this is not your first
problem though.

Is the rest of the FW working OK or is it only doing VPN comms ?

HTH

Cheers

Tim

-----Original Message-----
From: Christoph Nagelreiter [mailto:[email protected]]
Sent: 23 January 2001 09:13
To: Secure 1 Mailing List (E-Mail)
Subject: [FW1] SecRemote: No answer received ...



Hi,

After I downloaded the topology, I'm always getting the same error message:

	No answer received from a FireWall at site x

Firewall configuration:

FWZ encryption (--> encapsulation), IP Nat Pool (private ip), Users (FW-1
password), encdomain(our intranet)

Client configuration:

encryption FWZ, it's possible to get an update from fw-1, set password ( but
I don't get a logon confirmation!)


Do I have a routing problem?
Where do I configure my firewall as default gateway?
Do I have to modify the hosts-file at the client?

Thank you.

chris





============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====

************************************************************************
The information in this email is confidential and is intended solely
for the addressee(s).
Access to this email by anyone else is unauthorised. If you are not
an intended recipient, you must not read, use or disseminate the
information contained in the email.
Any views expressed in this message are those of the individual sender,
except where the sender specifically states them to be the views of
The Capital Markets Company.

http://www.capco.com
***********************************************************************
