Several things:
> Make sure if you are using 3des at the Securemote server level, that you are using a 3des securemote client (don't assume)
> Go to policy properties/log and alert and make sure logging is set on all ike stuff
> Go to Manage Users/User edit/encryption/successful auth is set to on
> Make sure Data Integrity for firewall/user settings match
> Make sure you have strong_des encryption in your license string if using 3des/IKE
> Make sure you have policy properties/accept control connections allowed.
> If you are using pre-shared secrets for IKE, make sure you have the authentication scheme set to undefined
If you can get FWZ to work, it is typically an encryption/pre-shared/data integrity issue.
Thomas Poole
-----Original Message-----
From: Robert MacDonald [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, June 27, 2000 3:24 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: [FW1] Secure Remote with IKE and Shared Secrets
Have you looked through www.phoneboy.com/fw1?
Look down near bottom at the section for SecureRemote.
There is a fair amount of assistance to be had there.
Look at #0254.
What do your rules about the secure remote connections
look like? How about logging implied rules, found in
Policy->Properties?
Passwords do match, right? (Sorry, had to ask.)
Robert
- -
Robert P. MacDonald, Network Engineer
e-Business Infrastructure
G o r d o n F o o d S e r v i c e
Voice: +1.616.261.7987 email: [EMAIL PROTECTED]
>>> Tony Miedaner <[EMAIL PROTECTED]> 6/27/00 1:47:29 PM >>>
>
>Hi,
>
>I am trying to set up a Secure Remote client to a CP2K VPN/Firewall
>using IKE and Shared keys.
>
>The topology seems to come down OK but I see the port 500 IKE
>negotiation from the client (packet from client to firewall IP) but
>the firewall will not respond with anything.
>
>I log any and any but I don't even get a log entry indicating what
>the problem is.
>
>
>Any help would be appreciated.
>
>Can anyone point me to a specific resource for this type of
>configuration?
>
>Tony Miedaner
>Network Security Engineer
>Network Engineering Unit
>Appliedtheory Inc.
>315-453-2912 x5361
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================