[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW1] RE: Encryption Failure

To: <fw-1-mailinglist@lists.us.checkpoint.com>
Subject: [FW1] RE: Encryption Failure
From: "Jim Noble" <noblej@mindspring.com>
Date: Sat, 18 Mar 2000 04:56:07 -0500
Cc: <mfoster@lanmarket.com>
Importance: Normal
In-Reply-To: <200003172331.PAA04187@softwhisper.us.checkpoint.com>
Sender: owner-fw-1-mailinglist@lists.us.checkpoint.com


Mark,

First of all, you noted that your NT machine is running Firewall-1 SP1
(Build 4038?).  It is IMPERATIVE that the Solaris box also runs the same
code revision/build.  There are major changes in ISAKMP, and Oakley key
exchange between Service Packs from Checkpoint. (see release notes for
Service Packs)

We encountered the same error when trying to connect to a peer that was
running a higher revision service pack than our site.

I would also STRONGLY urge you to move from Checkpoint Service Pack 1 to at
least Checkpoint Service Pack 2 ASAP on all of your firewalls.  SP1 has
major issues.  (See release notes for SP2 for more details.)

We have just finished the Checkpoint User Conference, and these issues were
a hot discussion topic, and we have been told that the new release of code
(available April 15 to Software Subscription members) will fix all of the
previous problems with Firewall-Firewall VPN's.

-
James Noble
Network Manager
INFO1
6010 Dawson Blvd
Norcross, GA  30093
PH (770) 416-6877


Date: Fri, 17 Mar 2000 05:35:43 -0800
From: MARK FOSTER <mfoster@lanmarknet.com>
Subject: [FW1] Encryption Failure

I have a weird problem.  I set up a VPN between two sites, but it only works
one way.  Background:
Master site is currently running NT 4 with sp5, VPN-1 no service packs,
supporting four remote
VPN sites all running NT 4 with sp5.  But the new site is running Sun
Solaris 2.6 with VPN-1, I
can connect from a PC behind the Sun firewall to the master end no problem.
I checked the
event logs at the master and see the encryption packets.  But going the
other way, the log
shows the following error:  "Encryption Failure: no response from peer
scheme: isakmp"
I've tried phoneboy and joe and tech support but no help. Help!!! The client
is getting very
upset.  Thanks. Mark.


============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====

------------------------------



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: Re: [FW1] Nokia Equivalents of Objects.C and other Config Files
Next by Date: [FW1] Real Secure problem
Prev by thread: [FW1] internal address leaking && Multiple Firewall Vendor FTP "ALG" ClientVulnerability
Next by thread: [FW1] Real Secure problem
Index(es):
- Date
- Thread