Do you have a rule on your firewall allowing ISAKMP to
your firewall? Also, what version of SecuRemote are
you using. I couldn't get it to work until I was on
build 4017.
HTH,
Pete Goodridge
--- "Sam, Garson (CA - Vancouver)" <[EMAIL PROTECTED]>
wrote:
>
> I am currently running FW1 4.0 on NT SP 6a. I have
> the VPN working under
> the FWZ protocol. However, right now I am trying to
> get it to work under
> IKE as well.
>
> When I bring up my SecureRemote client, and try to
> connect to the firewall,
> I get the usual prompt asking for the username and
> password. I enter this
> information, and there is a long delay, and it says
> "Communicaiton to site
> _____ has failed". I look in the FW1 long, but
> there is no instance of any
> encryption or authentication like there is with FWZ.
> (When I startup my
> computer, there is a log entry about the "ISAKMP
> Log: FW-1 ISAKMP daemon:
> started".
>
> I have done 2 things to setup IKE/IKMP.
>
> Under the user object (i.e. SecureRemote user),
> Authentication Tab: Authentication Scheme is set to
> "OS Password"
> Encryption Tab: Both ISAKMP/OAKLEY and FWZ are
> checked off.
> Properties of ISAKMP/OAKLEY: Authentication Scheme
> is password (I have
> entered a password).
> Encryption Properties is "Encryption + Data
> Integrity", MD5, DES
> (I authenticate with FWZ MD5 DES and it works).
>
> Under the firewall object:
> Authentication Tab: Enabled Schemes: OS Password
> Encryption Tab: Encryption Defined: ISAKMP/OAKLEY
> and FWZ
> Encryption Properties for ISAKMP/OAKLEY: DES, MD5.
> Authentication Method:
> Pre Shared Secret. (There is nothing
> under "Edit Secrets" -- I am unable to add
> anything there). Supports
> Aggressive Mode is selected.
> (Note: Public Key Signatures is unchecked).
>
> On the client computer, I loaded up SecureRemote and
> set it to try IKE
> before FWZ (so that I can test my ISAKMP
> encryption).
>
> Does anybody have any suggestions?
>
> Thanks
>
> Garson
>
>
>
================================================================================
> To unsubscribe from this mailing list, please
> see the instructions at
>
> http://www.checkpoint.com/services/mailing.html
>
================================================================================
__________________________________________________
Do You Yahoo!?
Yahoo! Photos -- now, 100 FREE prints!
http://photos.yahoo.com
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
