I made the change from INTERNAL_NET, FW to just INTERNAL_NET and see this in the logs. This is currently being tested in the office on the same network.

Source and destination are the same for only the first 4; then the destination changes from the internal IP of the FW to the EXT IP.

LOG1 ACCEPT IKE TCP PACKET SOURCE_IP->INT_IP_FW
LOG2 LOGIN "CLIENT ENCRYPTION: AUTHENTICATED BY INTERNAL PASSWORD" SOURCE_IP->INT_IP_FW
LOG3 KEY INSTALL: IKE: MAIN MODE [TCP] COMPLETION SOURCE_IP->INT_IP_FW
LOG4 ACCEPT IKE SOURCE_IP->INT_IP_FW
LOG5 KEY INSTALL: IKE Quick Mode Completion: IKE IDs subnet 0.0.0.0 (mask=0.0.0.0) and SOURCE_IP SOURCE_IP->EXT_IP_FW
LOG6 Decrypt: Tunnel Test SOURCE_IP->EXT_IP_FW
LOG7 Drop SOURCE_IP->EXT_IP_FW ICMP received a cleartext packet within an encrypted connection

__________________________
Robert Leach
ECOS Technologies
1410 Broadway, 27th Floor
New York, NY 10018
Phone: 212.944.8286 x20
Fax: 212.944.8852
[EMAIL PROTECTED]
www.ecostech.com

Only the named recipient(s) should read this e-mail. It may contain privileged or confidential information. If you are not a named recipient or you received this email by mistake, please notify me immediately by reply email and delete the message.

-----Original Message-----
From: Ivan Vassileff [mailto:ivan@;CLUB-INTERNET.FR]
Sent: Tuesday, November 12, 2002 2:25 AM
To: [EMAIL PROTECTED]
Subject: [FW-1] Ref.: [FW-1] Secure Remote issues FP3

Hello

When you write

sr_users@any | INTERNAL_NET, FW | any | client encrypt | log

you authorize your SecuRemote user to send start-of-connection cleartext packets to FW. So it should read

sr_users@any | INTERNAL_NET | any | client encrypt | log

instead.

Do you have your implicit rules activated?

If not: Do you manage userc.c files in a specific way (i.e. preconfigure the laptops using SDS or sending userc.c by email to your users)?
    If not: Then you need to authorize FW1_topo (port 264) from any to the firewall. This is used by the clients to download a security policy.
    If yes: Then you should debug connections both on the firewall (vpn debug on|ikeon) and on the SecuRemote (c:\fwenc.log).

If yes: See debug option above!!

On the other hand, make sure that your client is NOT installed with SecureDesktop functions, otherwise it will want to talk using the PS_logon_NG protocol to the (non-existing) policy server (by default the firewall itself).

HTH
Ivan


Robert Leach <[EMAIL PROTECTED]>
Sent by: Mailing list for discussion of Firewall-1 <[EMAIL PROTECTED]>
12/11/2002 00:08
Please reply to Mailing list for discussion of Firewall-1

To: [EMAIL PROTECTED]
cc:
Subject: [FW-1] Secure Remote issues FP3

After creating a new policy with traditional rules and not simplified, I now have an encrypt option under action; however, I seem to have a new problem. I can authenticate the user but now I get "encryption failure: received a cleartext packet within an encrypted connection".

This is Secure Remote, not Secure Client, so I don't have a policy server running. I do have a "Desktop Security Tab" which has no rules. I also tried with 2 rules:

inbound  any | sr_users | any | accept | log
outbound sr_users | any | any | accept | log

I have also tried encrypt for action.

Under the "Security Tab" I have the following:

any | FW | AH, ESP, FW1_topo, IKE, IKE_tcp, RDP | accept | log
sr_users@any | INTERNAL_NET, FW | any | client encrypt | log

In global options I have the following checked: ACCEPT VPN1,FW1 connections

This is starting to drive me insane; what am I missing??? I know it's likely to be something simple but I must be overlooking it.

Robert Leach
ECOS Technologies
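The seven log entries Robert quotes form a recognisable sequence: IKE Main Mode completes, Quick Mode completes (the IPsec SA is up), and then the gateway drops a packet from the same client because it arrived in cleartext on a connection it expected to be encrypted. The script below is an added example, not part of the thread and not Check Point tooling: it runs a small correlation over a constructed, simplified log format modelled on those seven lines (the addresses 203.0.113.10, 192.0.2.1 and 198.51.100.1 are documentation addresses standing in for SOURCE_IP, INT_IP_FW and EXT_IP_FW). Per client source address it records which gateway address each IKE phase completed against and flags any later "cleartext packet within an encrypted connection" drop, distinguishing the case where a tunnel was actually established (the thread's situation, pointing at the client-encrypt rule's destination) from the case where IKE never finished.

```python
"""Correlate IKE key installs with later cleartext-in-tunnel drops.

Added example. The log format parsed here is a constructed, simplified one
(seq action "info" src -> dst); it is not Check Point's real log export.
"""
import re
from collections import defaultdict

CLEARTEXT_DROP = "cleartext packet within an encrypted connection"

# Constructed sample mirroring LOG1..LOG7 from the thread, with documentation
# addresses: 192.0.2.1 = firewall internal address, 198.51.100.1 = external.
SAMPLE_LOG = """\
1 accept "IKE_tcp" 203.0.113.10 -> 192.0.2.1
2 login "CLIENT ENCRYPTION: AUTHENTICATED BY INTERNAL PASSWORD" 203.0.113.10 -> 192.0.2.1
3 keyinst "IKE: Main Mode [TCP] completion" 203.0.113.10 -> 192.0.2.1
4 accept "IKE" 203.0.113.10 -> 192.0.2.1
5 keyinst "IKE: Quick Mode completion: IKE IDs subnet 0.0.0.0 (mask=0.0.0.0) and 203.0.113.10" 203.0.113.10 -> 198.51.100.1
6 decrypt "Tunnel Test" 203.0.113.10 -> 198.51.100.1
7 drop "ICMP: received a cleartext packet within an encrypted connection" 203.0.113.10 -> 198.51.100.1
"""

LINE_RE = re.compile(r'^(\d+)\s+(\w+)\s+"([^"]*)"\s+(\S+)\s+->\s+(\S+)$')


def parse_log(text):
    """Return one dict per well-formed line; malformed lines are skipped."""
    records = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        seq, action, info, src, dst = m.groups()
        records.append({"seq": int(seq), "action": action.lower(),
                        "info": info, "src": src, "dst": dst})
    return records


def analyze(records):
    """Group by client address and correlate IKE phases with later drops."""
    per_client = defaultdict(lambda: {"phase1_dst": None, "phase2_dst": None,
                                      "cleartext_drops": []})
    for r in records:
        state = per_client[r["src"]]
        if r["action"] == "keyinst" and "Main Mode" in r["info"]:
            state["phase1_dst"] = r["dst"]          # ISAKMP SA established
        elif r["action"] == "keyinst" and "Quick Mode" in r["info"]:
            state["phase2_dst"] = r["dst"]          # IPsec SA established
        elif r["action"] == "drop" and CLEARTEXT_DROP in r["info"]:
            state["cleartext_drops"].append(r["seq"])

    findings = []
    for src, state in per_client.items():
        if not state["cleartext_drops"]:
            continue
        tunnel_up = state["phase2_dst"] is not None
        gateways = [d for d in (state["phase1_dst"], state["phase2_dst"]) if d]
        findings.append({
            "src": src,
            "tunnel_up": tunnel_up,
            # Gateway addresses the phases completed against; two different
            # values reproduce the internal-to-external switch seen in the thread.
            "gateway_addresses": gateways,
            "drop_seqs": state["cleartext_drops"],
            "diagnosis": (
                "IPsec SA established, then the client sent plaintext to the "
                "gateway: review the client-encrypt rule's destination objects"
                if tunnel_up else
                "cleartext drops without any Quick Mode completion: IKE did not finish"),
        })
    return findings


if __name__ == "__main__":
    for finding in analyze(parse_log(SAMPLE_LOG)):
        print(finding)
```

Run against the sample, the single finding reports the tunnel as up, lists both gateway addresses and points at the rule base rather than at IKE, which is the distinction Ivan's reply turns on.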
=================================================
To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options, email [EMAIL PROTECTED]
=================================================
