RE: [FW1] Problems with Secure Remote

Wed, 05 Jul 2000 08:27:01 -0700 


Seems like you have encryption and licensing fine on the management server,
How about securemote? One problem could be is that you are trying to use
3des on the firewall side, but 4157 may only be standard DES. 
You may need to get a 3DES securemote for this to work. 
Are you using certificates or pre-shared? Make sure authentication at the
user level is set to undefined. 

If you keep getting errors, make sure you are logging everything at the user
level, encryption level, and also at the policy properties level.

Also, get the latest Service Pack on the firewall. 

Try and back down to fwz and see if this makes any difference. 

Thomas Poole

-----Original Message-----
From: Michael Louie [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 03, 2000 4:33 PM
To: [EMAIL PROTECTED]
Subject: [FW1] Problems with Secure Remote



I'm hoping to get some advice with this issue, I am trying to get Secure
Remote
working properly, the details are below

SecureRemote                    4.1 build 4157
"fw ver" output
This is Check Point VPN-1(TM) & FireWall-1(R) Version 4.0 Build 4031 [VPN +
DES
+ STRONG]
"fw printlic" output
This is VPN-1(TM) & FireWall-1 Version 4.0 ( 3Jul2000 11:22:55)

Type             Expiration Ver Features
ID-80c4ba8c      18May2001  4.x srmedium
ID-80c4ba8c      18May2001  4.x encul ca vpnstrong
ID-80c4ba8c      18May2001  4.x motif
ID-80c4ba8c      18May2001  4.x control pfm

I have "accept firewall-1 control connections enable"

My rulebase (right at the top during testing)

any             firewall        tcp256,tcp264,udp500,udp259,proto50&51
allow
allusers@any    all-internal-ip any
client
encrypt

The first time I connect with SecureRemote it comes with a warning that the
ip
address and the key id should be verified.  After that when I try to
initiate a
connection SecureRemote prompts me for a password, it attempts to exchanges
keys
and finally times out with "no answer received from a firewall at site
x.x.x.x

Anyone have any ideas on what I might be forgetting?


Any help would be greatly appreciated

-Mike



============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Reply via email to