You need to un-check the VPN and leave it un-checked.
Roger Herr
WhyNot? Consulting Services
24165 IH 10 West Suite 217-183
San Antonio, Texas 78257
210-860-3990
Some men see things as they are and say why?
I dream things that never were and say "Why Not?"
-Robert F. Kennedy
Or the original
You see things; and you say "Why?" But I dream things that never were; and I
say "Why not?"
George Bernard Shaw
(1856-1950)
----- Original Message -----
From: "Bob Grabbe" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Friday, August 01, 2008 10:05 AM
Subject: Re: [FW-1] Trying to recreate vpn certificate
I'm not sure what you mean by this. The only certificate I'm seeing in the
dashboard is on the properties of the gateway, under the vpn tab. This is
the one I'm trying to delete and renew, but I'm not able to delete it, even
after disabling everything related to the vpn.
If this is not the same cert you are talking about, could you send me more
info on what procedure you would be referring to and what cert?
I'll basically try almost anything at this point, I'm very open to
suggestions.
Thanks
Bob Grabbe
Michigan Proteome Consortium
[EMAIL PROTECTED]
-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Claudia Cordova
Sent: Friday, August 01, 2008 10:42 AM
To: [email protected]
Subject: Re: [FW-1] Trying to recreate vpn certificate
Did you try revoking the cert for GW or SC?
Sent from my BlackBerry
-----Original Message-----
From: Bob Grabbe <[EMAIL PROTECTED]>
Date: Tue, 29 Jul 2008 09:53:55
To: <[email protected]>
Subject: [FW-1] Trying to recreate vpn certificate
I apologize for the long post, but this is my second day trying to resolve
this, no one seems to have any answers that work, I'm restating the problem
in hopes of further suggestions.
Environment is a Checkpoint R54 NG AI installation running on Red Hat. Ver
on the firewall shows Check Point SecurePlatform NG with Application
Intelligence build 142. Up until yesterday everything was working, then the
vpn certificate expired. My understanding is that it should have
automatically renewed itself, but this didn't happen.
Currently I'm running the dashboard on a Windows XP platform, and I can only
connect to the firewall if I set the date on my pc to be before the expiry
date. The firewall is showing the current date, but I have to set my local
pc to July 29 or earlier or I get the error that the cert has expired, date
is wrong, etc. Seems strange to me that it would be on my local pc that I
have to change the date, but that's what is working.
What I've tried so far:
1. In the firewall properties, disabled the vpn-1, took the firewall out of
any vpn communities, got everything to the point where I should be able to
delete the cert and recreate it. I get an error "Unable to contact
Certificate Authority on the management station" (I actually get this also
when trying to edit the firewall's properties, but then the edit window
opens).
If I look at the internal_ca, I have no problem opening it to view its
properties, though. Its expiry is set to 2023.
2. Ssh to the server, run cpstop, try to run cpca_client to revoke, then
recreate the cert. This is in line with SK20905, but trying to revoke I get
an error: "Error, rc=-1 err=-96 Connection error". This seems like it is
indicating an error talking to the ca, but I'm not sure of this. Haven't
tried deleting and recreating the ca, as I thought this could be a bit
scary. Cpconfig does show that the ca is running, though.
No combination of ways to run the revoke_cert works, I consistently get the
same error.
At this point I'm assuming or thinking that there's a problem with the ca,
any suggestions to debug this would be appreciated.
Bob Grabbe
Michigan Proteome Consortium
[EMAIL PROTECTED]
Scanned by Check Point Total Security Gateway.
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================