Still does not work

I could not troubleshoot it right because I have no idea
in what order the packets go between the Firewall and the client.

Can anybody give me the packet sequence shown in the log
when it connects successfully?
When I add the site in SecuRemote, it connects to the server,
gets the certificate and asks me to verify it.

my packet sequence is

client  to  Firewall  FW1_topo  accept
client  to  Firewall  FW1         accept
client  to  Firewall  RDP       accept

I have not seen anything going back to the client yet

my rule is (to troubleshoot this)

any        Firewall     RDP, FW1, FW1_topo, ISAKMP   accept        log
user@any   localnet     any                          client auth   log
firewall   any          any                          accept        log

my SecuRemote build number is 4153
my FW build is 41603

Any troubleshooting hint would be appreciated.


--------------------------------
SR uses port 259 for key exchange. The netbios ports (135-139) are not needed in order to do VPN.

I have gotten SR client to do key exchange only knowing IP address of FW-1 (fw did not need to be resolvable).

My experience is that fw logs will only show connection data "after" the DH key exchange (I was using FWZ). When I had problems with my SR, I had to use a sniffer to see the public key and topo information downloaded from fw to SR client (with the parameters I was working with, I had to send this data in clear in order for authentication to work).

It may be helpful in future to post your build number for both client and fw. There are dependencies regarding versions (e.g., SR client build 4005 has problems with fw 4.0 build 4031).

/rm

Andre Toussaint wrote:

> check out www.phoneboy.com/fw1
>
> specifically http://www.phoneboy.com/fw1/faq/0342.html
>
> According to that, it might be the ports, but I don't know which ports
> fw/SecRem use. You could disable the port filter, try it, and see.
>
> good luck
> andre
>
--------------------------------
>
> The only log that I see related to this
> is the connection from
> "external win98" to "Firewall" using service RDP (and that's it).
>
> I forgot to mention that I did some filtering on tcp/udp 135-139
> on my exterior router.
> Does it matter?
>
> ---------------------------------
> Well, the "no domain server" is probably because you didn't get in, so just
> worry about the "no answer received from fw".
>
> How far is it getting? Check the log viewer on your firewall-1.
> do you see the user attempting to connect, etc?
> (this is best to do with a laptop dialing in, sitting right next to fw-1
> box, so you can watch both)
>
> andre
>
> ----------------------------
> I am using SecuRemote on a win98 machine to connect to an internal NT server.
> After entering the password for NT and entering the password at the SecuRemote
> pop-up window,
>
> SecuRemote pops up a window:
> "Error: No answer receive from a Firewall at site xxx.xxx.xxx.xxx "
>
> and "No domain server is available"
>
> Can you give some hints on how to troubleshoot this?
>
> Any help would be appreciated.
>
=======


