I am still trying to confirm this but try either:
1. Make sure that your firewall object is the same as your nodename or
machine's outside interface name.
2. Select FWZ as an encryption scheme for the firewall and generate the
keys (someone from this list gave me this hint - thanks).
Also, you might have to reboot after generating the key but I am not sure.
All of the above will be confirmed when I build another box and I will let
this list know the results. Thanks to all that helped.
At 08:21 AM 7/13/00 -0400, you wrote:
>
><once more!>
>
>I'm trolling for help!
>
>I cannot get an encrypted session going between SecuRemote 4.1 and FW-1 4.1.
>I can download the topology, get the auth and key exchange ... and nothing
>else. No log entries either, just an eventual time out. I have tried both
>FWZ and IKE. Here is the setup:
>
>SR Client (via cable modem) ------>Internet-------->Firewall-1-------->HTTP and FTP Servers on a rfc-1918 192.168.0.0 network
>
>The internal network object is using hide mode NAT.
>The two server objects are using static mode NAT.
>
>**EVERYTHING WORKS FINE WITHOUT SECUREMOTE**
>
>The Firewall is set for exportable
>The encryption domain is set to "other" and references a group that
>includes the internal bogus network plus two network objects for the HTTP
>and FTP servers ( with their valid addresses )
>The encryption and authentication types are defined
>The properties for each scheme are defined
>The users and group are defined
>I have a rule at the top that goes: remote_users@any crypto-domain http/ftp client-encrypt long
>The SecuRemote client has the site defined ( the network for the external
>interface of the fw and the static NAT objects)
>
>NOTHING!!!
>
>I have enabled encapsulation for the FWZ side and have played with the IP
>pool NAT, but no luck.
>
>
>Can anyone PLEASE help?
>
>Thanks
>
>Dave
>
>
>
>
>================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
>================================================================================
>
>
Tony Miedaner
Network Security Engineer
Network Engineering Unit
Appliedtheory Inc.
315-453-2912 x5361