Are the remote boxes upgraded as well (to v4.1x?) If not, you will have to turn off 'supports key exchanges for subnets' under the vpn/ike tab on the firewall object. Unless there is a backward compatibility module for the nokia, then you may have problems with IKE clients as well (unless you flip the aforementioned switch.) HTH, CryptoTech Greg Polanski wrote: > I recently upgraded a Nokia 440 from FW v4.0 to FW1 v4.1 SP2. > I also upgraded IPSO from 3.1.* to 3.2.1 > Strong encryption is installed and licensed. > See below. > > HOWEVER, I cannot get IKE to work, neither for SecuRemote > nor for gateway-gateway VPN. FWZ SecuRemote works fine. > > What do I have to do to the nokia to get IKE encryption to > work? I know that the setup is correct in the gateway definition > because it matches other gateways where gateway-gateway VPN > is working. > > When I tcpdump the external interface, I see the handshake coming > in, but do not see the answer going back out. > The other gateway logs "... No response from peer" > > If I missed something in the FAQ, please please call > me stupid, BUT let me know where it is so I can get > smarter. (In other words, I am stumped by this.) > > Thank you > > greg > > P.S. the nokia reseller started off the tech support response > with the following > "Much of what you are asking involves services that are not > covered under a support contract." > Not much hope there!! > > avsfw1[admin]# fw ver -k > This is Check Point VPN-1(TM) & FireWall-1(R) Version 4.1 SP-2 Build > 41716 IPSO-build-15 SDK-849 [VPN + DES + STRONG] > kernel: Version 4.1 SP-2 Build 41716 IPSO-build-15 SDK-849 [VPN + DES + > STRONG] > > avsfw1[admin]# fw printlic > This is Check Point VPN-1(TM) & FireWall-1(R) Version 4.1 SP-2 Build > 41716 IPSO-build-15 SDK-849 (10Nov2000 16:40:01) > > Host Expiration Features > 206.41.6.177 Never cpvp-vsr-1000-v41 CK-D... > 206.41.6.177 Never cpfw-enc-u-3des-module-v41 CK-... > 206.41.6.177 Never cpfw-fm-u-v41 CK-... > > -- > > _______________________________________________________________ > Greg Polanski mailto:[EMAIL PROTECTED] > ADC Telecommunications, Inc. 952-946-2270 > MS 85 952-946-2465 FAX > PO Box 1101 612-538-1833 pager > Minneapolis, MN 55440-1101 [EMAIL PROTECTED] > _______________________________________________________________ > > ================================================================================ > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================================================ ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
