I have just enabled VPN remote access on an existing NG FP1 firewall (must be this version for E3 compliance reasons).
From a client (I have tried FP3 and R56, over broadband and dial-up) I can create a site, authenticate and download topology without any problem. SecureClient diagnostics show successful phase 1 and Xauth negotiations.
However, when attempting to contact the VPN domain, the client displays "exchanging keys with firewall" for a time before returning the error "communication with gateway x at site x failed". During this process, the firewall does not appear to receive any traffic at all from the client (implied rules are being logged as well).
After the failure, SecureClient diagnostics shows a failed phase 2 due to "gateway not responding".
I have tried changing the MTU size on the client, and have confirmed that the ISP router does not have any access lists on it.
I don't know what else to try other than rebuilding the firewall.