Firewall Wizards mailing list archives
Re: Client Encryption: Failed to generate reply
From: Jack Coates <jcoates () rainfinity com>
Date: Mon, 14 Aug 2000 18:50:41 -0700
Hi Greg, As I understand it, FWZ keys aren't synchronized by the CPFW-1 gateway cluster object, so it won't work with the nice transparent failover functions. You can do FWZ with non-transparent failover by using sticky IPs, though it's not the most scalable solution. Best thing is to use that as a stopgap and start migrating to IPSec. HTH, -- Jack Coates, Rainfinity SE t: 408-382-4860 m: 650-280-4376 Greg Polanski wrote:
I have just completed an installation and configuration of Rainwal 1.3, build 38 on Solaris 2.7 and Checkpoint 4.1 SP2. Hide NAT and SecuRemote IP Pools are working. The secret for SecuRemote is adding the phrase, :ip_pool_vpn (true) to objects.C (page 250 of the Jan 2000 VPN manual.) IKE Hybrid authentication works with SecurID. FWZ authentication fails FW log: reason Client Encryption: Failed to generate reply to client request User's desktop Error: No answer received from a Firewall at site .... If this problem persists, please contact your system administrator. Where should I look to fixing VPN for FWZ users? greg _______________________________________________________________ Greg Polanski mailto:greg_polanski () adc com ADC Telecommunications, Inc. 952-946-2270 MS 85 952-946-2465 FAX PO Box 1101 612-538-1833 pager Minneapolis, MN 55440-1101 6125381833 () minncommpaging com _______________________________________________________________
_______________________________________________ Firewall-wizards mailing list Firewall-wizards () nfr net http://www.nfr.net/mailman/listinfo/firewall-wizards
Current thread:
- Client Encryption: Failed to generate reply Greg Polanski (Aug 14)
- Re: Client Encryption: Failed to generate reply Jack Coates (Aug 14)