[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] IKE Encryption Problems with SecuRemote
Hola Don, Friday, January 11, 2002, 7:05:50 PM, escribió: D> I have been helping another user on this list troubleshoot a SecuRemote D> problem and at this point we are stumped. D> When FWZ is used, everything works fine. D> When IKE is used, nothing works. D> Users can download the topology but authentication hangs. D> Traffic leaves the client system to UDP port 500, arrives at the firewall, D> and then nothing happens (verified through a traffic dump). No return D> traffic is generated at all. D> IKE is enabled on both sides, the user is defined correctly, but the D> remote firewall simply refuses to answer the isakmp exchange. D> The client is running SR 4.1 SP5 on Win2k Professional. D> The firewall is running 4.1 SP5 on Win2k Advanced Server. D> Using this client I can connect to all of my Nokia 4.1 firewalls. D> This is not working whether or not client side NAT is involved. D> Any suggestions would be greatly appreciated. D> Rulebase consists of two rules: D> remote_users@any internal-net ANY Client_Encrypt D> ANY ANY ANY ACCEPT D> Though we have tried many variations on rules and configurations. D> -Don D> ================================================= D> To set vacation, Out Of Office, or away messages, D> send an email to [email protected] D> in the BODY of the email add: D> set fw-1-mailinglist nomail D> ================================================= D> To unsubscribe from this mailing list, D> please see the instructions at D> http://www.checkpoint.com/services/mailing.html D> ================================================= D> If you have any questions on how to change your D> subscription options, email D> [email protected] D> ================================================= Hi, ¿Is there any info in the logs? Have you applied a SP recently? I´ve had problems with securemote where the key exchange failed due to a bad cp.macro file. Take a look at cp.macro file in order to see if there are or not references related to IKE (below MACRO fw1:4.1:vpnmgmt ca ) good luck -- Eduardo Eirós Valle mailto:[email protected] Nextel S.A. Ingeniería Telemática-Area de Seguridad Tlf: +34 944035555 Fax: +34 944035550 Parque Tecnológico Edif. 207, Bloque B, 1º 48170- Zamudio (Bizkaia) ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|