Some brainstorming...
1. Make sure the following are checked under Policy -> Properties, to view
all enc. related logs/events:
- "Log Implied Rules" Security Policy tab.
- "Log IKE Negotiations" Log and Alert tab.
- "Log encryption kernel events" Log and Alert tab.
2. Make sure your time/date/time zone settings are correct on each firewall
module.
3. If you are using "pre-shared secrets", make sure they are set properly.
- sometimes the file fwauth.NDB gets corrupted
(fwstop on both firewalls, rename $FWDIR/database/fwauth.NDB to something
else, fwstart, reset the "pre-shared secrets" under the IKE tab).
4. If you have "Accept VPN-1/FireWall-1 Control Connections" turned off, then
allow the following between the firewalls:
- IKE (UDP:500)
- depending on your encryption rule settings:
  ESP (ip type 50)
  AH (ip type 51)
[..don't forget about routers in front doing ACLs...]
5. Verify you have enabled the encryption algorithms you want to use on both
firewall objects (under the VPN -> IKE properties tab).
6. Verify you have set the encryption rule's Encrypt "properties" tab
properly on both ends.
... sounds like your problem may be #3 ...
Let us know of any errors etc...
Amin Tora, CISSP
ePlus Technology
http://www.eplus.com
NASDAQ: PLUS
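Steps 4 and 6 above boil down to one question for the symptom described (IPSEC frames visible on the wire in front of the target firewall, but no decrypt on the far side): which of the IKE/ESP/AH flows actually appear in each direction between the two gateways? The following is an added example, not code from either poster or from Check Point; it is a minimal IPv4 parser plus a per-direction tally that a practitioner could feed with raw frames from a sniffer. The gateway addresses (192.0.2.1 and 198.51.100.1) and the packets themselves are constructed here, with no IP/UDP checksums, purely so the example runs offline; the missing (B -> A, ESP) result it reports mirrors the one-way situation in the original question.

```python
import ipaddress
import struct
from collections import defaultdict

# IP protocol numbers and the IKE port from step 4 of the checklist.
PROTO_UDP, PROTO_ESP, PROTO_AH = 17, 50, 51
IKE_PORT = 500


def parse_ipv4(pkt: bytes):
    """Return (src, dst, proto, sport, dport) from a raw IPv4 packet.
    Ports are None unless the payload is UDP. Checksums are not verified."""
    if len(pkt) < 20 or (pkt[0] >> 4) != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    proto = pkt[9]
    src = str(ipaddress.IPv4Address(pkt[12:16]))
    dst = str(ipaddress.IPv4Address(pkt[16:20]))
    sport = dport = None
    if proto == PROTO_UDP and len(pkt) >= ihl + 8:
        sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return src, dst, proto, sport, dport


def classify(src, dst, proto, sport, dport):
    """Map a parsed packet to the VPN flow type it belongs to, or 'other'."""
    if proto == PROTO_UDP and IKE_PORT in (sport, dport):
        return "IKE"
    if proto == PROTO_ESP:
        return "ESP"
    if proto == PROTO_AH:
        return "AH"
    return "other"


def vpn_flow_report(packets, gw_a, gw_b):
    """Count packets per (src, dst, flow type) for traffic strictly between the two gateways."""
    seen = defaultdict(int)
    for pkt in packets:
        src, dst, proto, sport, dport = parse_ipv4(pkt)
        kind = classify(src, dst, proto, sport, dport)
        if kind == "other" or {src, dst} != {gw_a, gw_b}:
            continue
        seen[(src, dst, kind)] += 1
    return dict(seen)


def missing_flows(report, gw_a, gw_b, want=("IKE", "ESP")):
    """List the (src, dst, kind) flows a working tunnel needs in both directions but that were not seen."""
    missing = []
    for kind in want:
        for s, d in ((gw_a, gw_b), (gw_b, gw_a)):
            if (s, d, kind) not in report:
                missing.append((s, d, kind))
    return missing


# --- constructed sample capture (assumption: documentation addresses, zero checksums) ---
def build_ipv4(src, dst, proto, payload=b""):
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                         ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return header + payload


def build_udp(sport, dport, payload=b""):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload


GW_A, GW_B = "192.0.2.1", "198.51.100.1"
SAMPLE_CAPTURE = [
    build_ipv4(GW_A, GW_B, PROTO_UDP, build_udp(500, 500, b"\x00" * 28)),  # IKE A -> B
    build_ipv4(GW_B, GW_A, PROTO_UDP, build_udp(500, 500, b"\x00" * 28)),  # IKE B -> A
    build_ipv4(GW_A, GW_B, PROTO_ESP, b"\x00" * 16),                      # ESP A -> B
    build_ipv4(GW_A, GW_B, PROTO_ESP, b"\x00" * 16),                      # ESP A -> B
    build_ipv4(GW_A, "203.0.113.9", 6, b"\x00" * 20),                     # unrelated TCP, ignored
]

if __name__ == "__main__":
    report = vpn_flow_report(SAMPLE_CAPTURE, GW_A, GW_B)
    for key, count in sorted(report.items()):
        print(key, count)
    print("missing:", missing_flows(report, GW_A, GW_B))
```

Reading the report: if IKE is present in both directions but ESP (or AH, add it to `want`) only ever flows one way, the key exchange is fine and the problem is on the receiving side (pre-shared secret mismatch as in step 3, an encrypt rule or algorithm that does not match as in steps 5 and 6, or a router ACL in front of the target dropping protocol 50/51). If the return-direction ESP is absent on the segment in front of the sending firewall but present on the far side, look at the filtering between the two capture points instead.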
-----Original Message-----
From: #Checkpoint [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, March 28, 2001 12:01 PM
To: '[EMAIL PROTECTED]'
Subject: [FW1] VPNs on CP2000 SP1 not working ...
Hello all,
I'm despairing over a VPN building project between two VPN-1
implementations. Everything seems to be configured properly, but apart from
the key exchange (IKE) and encryption on the sending side, nothing more
happens. The decrypt is not done (no firewall logging); however, a sniffer
analysis within the arriving internet segment BEFORE the target firewall
shows several frames of IPSEC traffic. Is there anyone who has an idea?
My systems (on both sides): NT server 4.0 SP5 (target system), NT server 4.0
SP6 (source system), both operating CP2000 SP 1.
HELP!
Best regards,
Gerd Lienemann
CATS-Team Central Europe & Nordic
IS Communication
Pilkington Deutschland AG
Haydnstr. 19
D-45884 Gelsenkirchen
Tel (+49) 209 168 2620
Fax (+49) 209 168 2289
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================