I am currently running FW1 4.0 on NT SP 6a.  I have the VPN working under
the FWZ protocol.  However, right now I am trying to get it to work under
IKE as well.

When I bring up my SecureRemote client, and try to connect to the firewall,
I get the usual prompt asking for the username and password.  I enter this
information, and there is a long delay, and it says "Communication to site
_____ has failed".  I look in the FW1 log, but there is no instance of any
encryption or authentication like there is with FWZ.  (When I start up my
computer, there is a log entry about the "ISAKMP Log: FW-1 ISAKMP daemon:
started".)

I have done 2 things to set up IKE/ISAKMP.

Under the user object (i.e. SecureRemote user),
Authentication Tab: Authentication Scheme is set to "OS Password"
Encryption Tab: Both ISAKMP/OAKLEY and FWZ are checked off.
Properties of ISAKMP/OAKLEY: Authentication Scheme is password (I have
entered a password).
  Encryption Properties is "Encryption + Data Integrity", MD5, DES
(I authenticate with FWZ MD5 DES and it works).

Under the firewall object:
Authentication Tab: Enabled Schemes: OS Password
Encryption Tab: Encryption Defined: ISAKMP/OAKLEY and FWZ
  Encryption Properties for ISAKMP/OAKLEY: DES, MD5.  Authentication Method:
  Pre Shared Secret.  (There is nothing under "Edit Secrets" -- I am unable
  to add anything there.)  Supports Aggressive Mode is selected.
  (Note: Public Key Signatures is unchecked.)

On the client computer, I loaded up SecureRemote and set it to try IKE
before FWZ (so that I can test my ISAKMP encryption).

Does anybody have any suggestions?

Thanks

Garson

