Hi, you will need a rule accepting Client Encrypt, because the way you have defined the rule will need a static peer. Try to define a user group in which smith is in. Then try this rule: smithgroup@any smiths_machine PCanywhere ClientEncrypt long So the user has to authenticate (which can also be automated). Check it the properties of ClientEncrypt are set correctly - and then it should work. Hope it helps best regards Matthias
Alan Choyna wrote: > Hi folks, > > I'm trying to set up my FW-1 4.1 SP3 to be able to allow securemote > (build 4188) access from external machines. > > The external PC's are each sitting behind a linksys router (firmware > 1.40.1) using either DSL or Cable internet connections, using non static > external ip addresses. > > I installed the encryption license (DES3), and have configured a user > (smith) with the user Authentication scheme VPN-1 & Firewall 1 Password, > with Encryption options IKE & FWZ checked. > > I have created the following rules: > > any Smiths_machine_behind_FW1 PCanywhere encrypt. > > We are using securemote (build 4188) and have checked the IKE option > under tools/Encryption, and Force UPD encapsulation and Support IKE over > TCP under its advanced settings. > > When smith trys to connect from his external PC, the following rejects > appear in the Log "encryption failure: No peer gateway found for the > destination scheme: IKE." > > Is the error because l do not have a domain object as the source? If so, > how would l set up a domain object which doesn't have an static ip? > > What encrytion/logon/securemote services should l allow? > > We wish to use DES3. Have l set the correct options on the user object? > and the securemote client options? > > Anything special to do in the Policy properties? > > Sorry for all the questions, but there are so many variables here, that > l find myself lost. > > Regards, > > Alan. > > =============================================== > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > =============================================== =============================================== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ===============================================
