Hi,
I have configured SecuRemote and IKE Hybrid Mode Authentication; moreover, I
had to add :resolve_multiple_interfaces (true) to objects.C.
SR is latest (4.1SP3 hotfix xy).
Firewall CP 4.1SP3.
Rulebase:
any              firewall-public-int   IKE,AH,ESP   allow
any              firewall-object       any          drop
firewall-object  any                   any          drop
myuser@any       encryption-domain     ftp          clientencrypt
Topodownload works quite fine.
After authentication of the user there are two log entries for IKE phase 1
and phase 2 negotiation, both are valid.
There are only IKE phase1 and phase2 log entries in IKE.elg (gateway). Due
to entries in fwenc.log (SecuRemote) the client is trying x times to send
encrypted packets to the gateway but the gateway seems not to respond.
SecuRemote error: Communication with site (IP Address) has failed.
Altogether it seems that SecuRemote finally tries to reach the wrong IP
address, not the one which was used for IKE key exchange.
Looking at fwenc.log does not give me many more hints, as I don't know what
Check Point has implemented.
Any hint is really appreciated.
Cheers,
Josef