Re: [FW-1] IKE Encryption Problems with SecuRemote
Don,

Do you have a certificate on your firewall gateway? Look at your firewall object under the certificates tab.

HTH
Yim

--- John Castillo <[email protected]> wrote:

> strangely enough i have the same problem today. my configs worked great for
> the past year until the NEs added a new security policy on the routers in
> front of my firewall modules.
>
> we're looking at it now.. what i can tell you is that i see no key exchange or
> install information in the FW logs. i'll let you know what i find ...
> having the NE look at their logs and ACLs for:
>
> tcp 264
> udp 500
> udp 259
> IP Protocol 50 (i think this is for IKE)
> IP Protocol 94 (i think this is for FWZ)
>
> john
> ----- Original Message -----
> From: "Don" <[email protected]>
> To: <[email protected]>
> Sent: Friday, January 11, 2002 10:05 AM
> Subject: [FW-1] IKE Encryption Problems with SecuRemote
>
> > I have been helping another user on this list troubleshoot a SecuRemote
> > problem and at this point we are stumped.
> >
> > When FWZ is used, everything works fine.
> >
> > When IKE is used, nothing works.
> >
> > Users can download the topology but authentication hangs.
> >
> > Traffic leaves the client system to UDP port 500, arrives at the firewall,
> > and then nothing happens (verified through a traffic dump). No return
> > traffic is generated at all.
> >
> > IKE is enabled on both sides, the user is defined correctly, but the
> > remote firewall simply refuses to answer the isakmp exchange.
> >
> > The client is running SR 4.1 SP5 on Win2k Professional.
> >
> > The firewall is running 4.1 SP5 on Win2k Advanced Server.
> >
> > Using this client I can connect to all of my Nokia 4.1 firewalls.
> >
> > This is not working whether or not client side NAT is involved.
> >
> > Any suggestions would be greatly appreciated.
> >
> > Rulebase consists of two rules:
> > remote_users@any internal-net ANY Client_Encrypt
> > ANY ANY ANY ACCEPT
> >
> > Though we have tried many variations on rules and configurations.
> >
> > -Don