Re: [FW1] Losing SA with Secure Remote Client 4.1 and FW1 4.1sp2]

Fri, 01 Dec 2000 08:53:24 -0800 



On Sat, Nov 04, 2000 at 02:04:37PM -0500, CryptoTech wrote:
> Are there any other services running on the FW? 

No, its NT4 and we've shut down all the M$ crap.


 What are the contents of your
> encryption domain?

Our two 'internal' networks, a 'DMZ' and 'PRIVATE' network.

Its a Network Group Object that contains these two network objects.

ITs checked 'Exportable for SecurRemote'


>  Are you using Unauthed topology download, and what is the main

I think so.

At the SR client (win95) we install SR.

Open SR, enter in IP address of the external gateway for the firewall.
  the site icon appears for our firewall.

I open a dos window and ping the machine in the PRIVATE network (192.168.1.101)

After a moment the SR login window pops up.
  - we have users using passwords, not certs
  - enter the username and password, and SR exchanges keys w/ firewall

After about 2 min I can ping and ssh machines in internal nets.

after about 10 min I get the SA errors, and SR and the Firwall never re-establish 
another SA.


> ip address in the firewall workstation object?  (must be external)
> 
Yes, its external and a valid ip address.


Any ideas?

-andy



> 
> [EMAIL PROTECTED] wrote:
> 
> > Hello:
> >
> > I've got the latest Fw1 on NT and Secure Remote Client installed and
> > working. I've applied the sp2 to the FW1 server.
> >
> > I'm using IKE to connect, and it works, but there are two big problems:
> >
> > 1. exchanging keys takes 2 mins !
> >
> > 2. after about 7-10 min, the Client loses its SA (security association)
> > with the server. The server tries and tries to re-establish a sa, but it
> > never happens.
> >
> > This happens on Secure Remote Clients on both win95 and win98.
> >
> > Has anyone come across this with Secure Remote Client and FW1?
> >
> > -andy diller
> >
> > ================================================================================
> >      To unsubscribe from this mailing list, please see the instructions at
> >                http://www.checkpoint.com/services/mailing.html
> > ================================================================================
> 


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Reply via email to