[FW1] Need help with IKE in Nokia 440, FWZ OK, but IKE fails

Fri, 10 Nov 2000 14:00:56 -0800 


I recently upgraded a Nokia 440 from FW v4.0 to FW1 v4.1 SP2.
I also upgraded IPSO from 3.1.* to 3.2.1
Strong encryption is installed and licensed.
See below.

HOWEVER, I cannot get IKE to work, neither for SecuRemote
nor for gateway-gateway VPN.   FWZ SecuRemote works fine.

What do I have to do to the nokia to get IKE encryption to
work?  I know that the setup is correct in the gateway definition
because it matches other gateways where gateway-gateway VPN 
is working.

When I tcpdump the external interface, I see the handshake coming
in, but do not see the answer going back out.
The other gateway logs "... No response from peer"

If I missed something in the FAQ, please please call
me stupid, BUT let me know where it is so I can get 
smarter.  (In other words, I am stumped by this.)

Thank you

greg

P.S. the nokia reseller started off the tech support response
with the following
        "Much of what you are asking involves services that are not 
        covered under a support contract."  
Not much hope there!!



avsfw1[admin]# fw ver -k
This is Check Point VPN-1(TM) & FireWall-1(R) Version 4.1 SP-2 Build
41716 IPSO-build-15 SDK-849  [VPN + DES + STRONG]
kernel: Version 4.1 SP-2 Build 41716 IPSO-build-15 SDK-849 [VPN + DES +
STRONG] 

avsfw1[admin]# fw printlic
This is Check Point VPN-1(TM) & FireWall-1(R) Version 4.1 SP-2 Build
41716 IPSO-build-15 SDK-849 (10Nov2000 16:40:01)

Host             Expiration Features
206.41.6.177     Never      cpvp-vsr-1000-v41 CK-D...
206.41.6.177     Never      cpfw-enc-u-3des-module-v41 CK-...
206.41.6.177     Never      cpfw-fm-u-v41 CK-...



-- 

_______________________________________________________________
Greg Polanski                    mailto:[EMAIL PROTECTED]
ADC Telecommunications, Inc.     952-946-2270
MS 85                            952-946-2465 FAX
PO Box 1101                      612-538-1833 pager
Minneapolis, MN  55440-1101      [EMAIL PROTECTED]
_______________________________________________________________


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Reply via email to