Tobias, Yeah....Sorry the info was so sketchy. Some background info:
I had to reinstall the SmartCenter server...and during that I had to do the random seed thing to generate a new CA. So I assume it has something to do with that. But I would figure that a topo update would take care of that? Maybe I should delete usersc.C on my SR laptop....and try again? Actually, though, I think I even tried a new install of SC/SR on a new laptop, but still to no avail....same error..... Using NGAI R55, with latest hot-fixes. FW-1/VPN-1 is on a crossbeam/secureplatform box, and the SmartCenter server is on a Windows 2003 server machine. Thanks for any assistance. Also....when I rebuilt the rule set....I maybe have farked up the VPN configuration...so don't rule that out either... TIA, Joe -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Lachmann, Tobias, PRE Sent: Wednesday, February 23, 2005 2:57 AM To: [email protected] Subject: [FW-1] AW: [FW-1] VPN client to firewall connection fails Hello Joe! Can you give us more information about the complete setup? What certificates do you use? Where do they come from? The message: "Cannot construct a valid certificate chain from peer certificates" indicates, that the two certificates are not signed by the same (internal)-ca or that the certificates can't be validated by the participating partners in the vpn. Regards, Tobias -----Urspr�ngliche Nachricht----- Von: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] Im Auftrag von Joe Clifton Gesendet: Dienstag, 22. Februar 2005 17:37 An: [email protected] Betreff: [FW-1] VPN client to firewall connection fails Below is the error I am getting...this is a new install. Maybe I should re-create the CA?? >Checking network connectivity... >Preparing connection... >Connecting to gateway... >Could not validate the certificate used by gateway FWKRE1F at site TU. >Cannot construct a valid certificate chain from peer certificates >IKE negotiation failed >Connection failed ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
