RE: [FW1] Install Policy on SecuRemote Client

Andrew Bain Thu, 01 Jun 2000 09:30:30 -0700

Kevin

-FW-1 4.1 SP-1 firewall on solaris 2.6
-The domain is exportable to SecuRemote
-The firewall object is setup for IKE with preshared secrets and FWZ with 
local key manager and SecuRemote encapsulation
-The management server is on the firewall (why is this an issue?) as is the 
policy server

When the policy is set to "Allow All", the client can successfully create a 
VPN.

Thanks
Andrew

>From: [EMAIL PROTECTED]
>To: [EMAIL PROTECTED], [EMAIL PROTECTED]
>Subject: RE: [FW1] Install Policy on SecuRemote Client
>Date: Thu, 1 Jun 2000 11:03:36 -0500
>
>I'm assuming a 4.1 firewall?  Do you have the firewall setup as exportable
>for securemote?  Do you have any kind of encryption setup in the firewall
>object?  Is the management server on the firewall or inside the firewall
>and, if it's inside, does it have a route to the internet?  Please provide
>more details.
>
>Thanks.
>
>Kevin Martin
>Firewall/DNS/SMTP/Network Admin.
>[EMAIL PROTECTED]
>
>
>-----Original Message-----
>From: Andrew Bain [mailto:[EMAIL PROTECTED]]
>Sent: Thursday, June 01, 2000 10:15 AM
>To: [EMAIL PROTECTED]
>Subject: [FW1] Install Policy on SecuRemote Client
>
>
>
>Hello
>
>I seem to be in the strange position where my client cannot download a
>policy from my policy server because the current policy is incorrect.  The
>policy selected (and which can't be changed on the client) is allow all, 
>but
>
>the policy I wish to enforce is "Allow Outgoing Only".  If I check "Desktop
>is Enforcing Required Policy", the SecuRemote  client on trying to download
>the policy replies "User successfully authenticated by VPN-1.  You are 
>using
>
>an inappropriate policy. Load a new policy from your Policy Server."
>
>The Policy Server is installed on the same host as the firewall.  Any 
>ideas?
>
>Thanks Andrew
>________________________________________________________________________
>Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com
>
>
>
>============================================================================
>====
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
>============================================================================
>====

________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================
RE: [FW1] Install Policy on SecuRemote Client

Reply via email to
