TOPIC: SecureClient SCV Config Issues - HELP!!





Hello,
I am getting balder by the minute after ripping my hair out.
I am having a lot of trouble trying to get SCV to work. We are using Splat NG (R55).
I have got SC working fine, using connect mode and office mode with IP pools etc. Everything works great without SCV.
Our rule base is in traditional mode. As soon as I enable SCV verification in the rule which controls SC, I run into problems.
I can connect and login to the policy server from the client, all looks good in the logs. The client even logs 'SCV Policy: Policy is up to date'. I have left the local.scv untouched.
Then I try to connect to a node in the encdom (e.g. telnet). The tracker shows the rule being accepted and decrypted but the client times out. Then after a short period the following entry appears in the tracker:
Source: #########
Number: 30916
Date: 17Feb2004
Time: 15:30:28
Product: VPN-1 & FireWall-1
Interface: eth1
Type: Log
Action: Drop
Protocol: tcp
Service: telnet (23)
Destination: #########
Rule: 12
Source Port: 1056
User: matt
Encryption Scheme: IKE
VPN Peer Gateway: #############
Encryption Methods: ESP: 3DES + SHA1
Information: scv_user: ###; scv_message_info: Client's configuration is not verified
By the looks of it the firewall isn't acknowledging that the client isn't SCV'd correctly!!
I have tried a lot of suggestions (see following) etc, from CP knowledge base:
Tried enabling control connections for the scv_keep_alive packets, also tried a manual rule for it.
Allowed fw node rule to access client on desktop rule for all ports.
Tried disabling all options in the global properties of SCV, i.e. allow client but log. Still doesn't work.
I've tried the :dont_enforce_while_connecting (true) in the local.scv file
Configured the gateway to allow stateful ICMP errors (was enabled anyway)
Enabled back connections
Disabled HUB mode
Checked UDP 18233 is allowed through routers before gateway.
I've run into a dead end as to why the client can't be verified by the FW!!
I really want to get SCV to work. If anyone could help me or give me some pointers I would really really appreciate it. I will even send you the money to buy a beer.
Thanks
Souly
