Yes, I pushed the rules and also tried cpstop/cpstart.
It works fine in my labs test too, but in the
production environment something is missing.
I wonder if importing configuration from a 4.1 machine
can have any impact on this behavior from the gateway
....
Luiz
--- Jon Allingham <jallingham AT LEAPSTONE DOT COM> wrote:
> It works fine in my configuration. Did you push the
> policy to the
> firewall after checking the button to enable UDP
> encapsulation? I don't
> recall if that is an item requiring a cpstop/cpstart
> to enable.
>
> --
> Jon Allingham
> Director, IVT
> Leapstone Systems
>
>
> -----Original Message-----
> From: Luiz Afonso [mailto:luiz_ma AT YAHOO DOT COM]
> Sent: Friday, December 19, 2003 7:43 AM
> To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
> Subject: [FW-1] Gateway doesn't support UDP
> encapsulation ?
>
> Hi,
>
> I'm trying to connect to a VPN-1 NG AI R55 gateway
> using SecuRemote R55 client with "Force UDP
> Encapsulation" and "IKE over TCP" Enabled,
> to overcome NAT issues.
>
> I double checked all the configuration items,
> including "NAT Traversal" support in Gateway/Remote
> Access, which is enabled.
>
> When I try to connect, IKE main mode completes
> successfully, but then the following message shows
> up
> in log:
> "Reason: Client Encryption: 'Force UDP
> Encapsulation'
> selected on user's profile, but gateway doesn't
> support UDP Encapsulation."
>
> Any ideas ?
>
> Thanks,
> Luiz
>
>
> __________________________________
> Do you Yahoo!?
> Free Pop-Up Blocker - Get it now
> http://companion.yahoo.com/
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-owner AT ts.checkpoint DOT com
> =================================================
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-owner AT ts.checkpoint DOT com
> =================================================
__________________________________
Do you Yahoo!?
Free Pop-Up Blocker - Get it now
http://companion.yahoo.com/
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
