I have fought the same problem. Here is what I have learned.
1.
Drop any domain objects in objects.C
Even though the domain objects had nothing to do with my
securemote rules, they killed FW performance such that
the IKE process did not get enough resources to run.
You can confirm the interaction by
tcpdump .... port 500 or snoop -d ... port 500
You will see the client connecting, but the FW is slow/never
answers
2.
fwhmem The default fwhmem has been too small in my environment.
One cause may have been the domain objects. Making fwhmem bigger
improved VPN
3.
If linksys, LATEST firmware, then enable IPSEC pass through
4.
If any wireless LAN, LATEST firmware. One vendor had problem
with MTU sizes and assembling packets.
greg
>
> -----Original Message-----
> From: Rui Ribeiro [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, August 22, 2001 10:52 AM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: [FW1] Secure Remote doesn't perform authentication
>
>
>
>
> Hi folks.
>
> We're having quite of a rough time w/ Secure Remote and FW-1 4.1.
>
> When we're authenticating a client with a Secure remote, after inputting the
> user name and password is:
>
> 1) clicking in the secure remote icon, it displays the message "Exchanging
> keys with a firewall"
>
> 2) After a while, i.e. peharps a minute, the machine displays a message box
> with the following text "Error: no answer received from a Firewall at site
> xxx.x.x.xxx. If the problem persists, please contact your system
> administrator.
>
> 3) There also aren't any logs of the user login.
>
> The version of the firewall and capabilities are the same as the
> SecureRemote client.
> The tests via the users and port 259 perform without any trace of problems.
> We're also able to syncronize the site in the secureremote icon.
>
> So has somebody any sugestion for this problem?
>
> Thanks in advance,
> Rui Ribeiro
>
>
> _____________________________________________________________
> Are you a Techie? Get Your Free Tech Email Address Now! Visit
> http://www.TechEmail.com
>
>
> ============================================================================
> ====
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ============================================================================
> ====
>
>
>
>
> ================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ================================================================================
--
_______________________________________________________________
Greg Polanski mailto:[EMAIL PROTECTED]
ADC Telecommunications, Inc. 952.917.0548
MS 36 952.917.0651 FAX
PO Box 1101 612.309.4493 cell/pager
Minneapolis, MN 55440-1101 [EMAIL PROTECTED]
_______________________________________________________________
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
