Re: [FW-1] IKE Encryption Problems with SecuRemote
strangely enough i have the same problem today. my configs worked great for the past year until the NEs added a new security policy on the routers in front of my firewall modules. we're looking at it now. what i can tell you is that i see no key exchange or install information in the FW logs. i'll let you know what i find ...

having the NE look at their logs and ACLs for:

tcp 264
udp 500
udp 259
IP Protocol 50 (i think this is for IKE)
IP Protocol 94 (i think this is for FWZ)

john

----- Original Message -----
From: "Don" <[email protected]>
To: <[email protected]>
Sent: Friday, January 11, 2002 10:05 AM
Subject: [FW-1] IKE Encryption Problems with SecuRemote

> I have been helping another user on this list troubleshoot a SecuRemote
> problem and at this point we are stumped.
>
> When FWZ is used, everything works fine.
>
> When IKE is used, nothing works.
>
> Users can download the topology but authentication hangs.
>
> Traffic leaves the client system to UDP port 500, arrives at the firewall,
> and then nothing happens (verified through a traffic dump). No return
> traffic is generated at all.
>
> IKE is enabled on both sides, the user is defined correctly, but the
> remote firewall simply refuses to answer the isakmp exchange.
>
> The client is running SR 4.1 SP5 on Win2k Professional.
>
> The firewall is running 4.1 SP5 on Win2k Advanced Server.
>
> Using this client I can connect to all of my Nokia 4.1 firewalls.
>
> This is not working whether or not client side NAT is involved.
>
> Any suggestions would be greatly appreciated.
>
> Rulebase consists of two rules:
> remote_users@any internal-net ANY Client_Encrypt
> ANY ANY ANY ACCEPT
>
> Though we have tried many variations on rules and configurations.
>
> -Don
>
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================
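
The check both messages rely on (does each SecuRemote-related flow get return traffic?), as an added example that is not part of the original thread: it reads tcpdump-style text lines and reports, for the ports and IP protocols listed in the reply, which were answered. The simplified line format, the addresses, the sample capture and the helper name `flow_status` are all constructed for illustration.

```python
import re

# Ports and IP protocols listed in john's reply above.
WATCHED = ["tcp/264", "udp/500", "udp/259", "ip-proto-50", "ip-proto-94"]

# Simplified tcpdump-style line: "IP src[.sport] > dst[.dport]: payload summary"
LINE = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+)(?:\.(?P<sport>\d+))? > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?:\.(?P<dport>\d+))?: (?P<rest>.*)"
)
# How the payload summary identifies the protocol (tcpdump prints protocol 50 as ESP).
TAGS = [("Flags", "tcp"), ("UDP", "udp"), ("ESP", "ip-proto-50"),
        ("ip-proto-94", "ip-proto-94")]

def flow_status(capture, client, gateway):
    """Return {flow: 'answered' | 'no reply' | 'reply only' | 'not seen'}."""
    seen = {flow: set() for flow in WATCHED}
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        if (m["src"], m["dst"]) == (client, gateway):
            direction, port = "request", m["dport"]  # service port is on the gateway
        elif (m["src"], m["dst"]) == (gateway, client):
            direction, port = "reply", m["sport"]
        else:
            continue  # traffic between other hosts is ignored
        proto = next((p for tag, p in TAGS if m["rest"].startswith(tag)), None)
        flow = proto if port is None else f"{proto}/{port}"
        if flow in seen:
            seen[flow].add(direction)
    labels = {frozenset(): "not seen", frozenset({"request"}): "no reply",
              frozenset({"reply"}): "reply only",
              frozenset({"request", "reply"}): "answered"}
    return {flow: labels[frozenset(dirs)] for flow, dirs in seen.items()}

# Constructed sample: topology download completes, IKE retransmits go unanswered.
SAMPLE = """\
10:05:01.000 IP 192.0.2.10.1045 > 198.51.100.1.264: Flags [S], length 0
10:05:01.020 IP 198.51.100.1.264 > 192.0.2.10.1045: Flags [S.], length 0
10:05:09.000 IP 192.0.2.10.500 > 198.51.100.1.500: UDP, length 84
10:05:14.000 IP 192.0.2.10.500 > 198.51.100.1.500: UDP, length 84
10:05:24.000 IP 192.0.2.10.500 > 198.51.100.1.500: UDP, length 84
"""

if __name__ == "__main__":
    for flow, state in flow_status(SAMPLE, "192.0.2.10", "198.51.100.1").items():
        print(f"{flow:12} {state}")
```

Running the same check on captures taken on each side of an intermediate router shows whether a flow is dropped before it reaches the firewall or left unanswered by the firewall itself.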