Check if the firewall in front of your client have "enable decrypt on
accept". If it does then no IPSec tunnel will work from behing this
firewall.
> -----Original Message-----
> From: Mailing list for discussion of Firewall-1
> [mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf
> Of Robert Fowler
> Sent: Wednesday, December 22, 2004 10:36 AM
> To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
> Subject: [FW-1] Failed to match proposal
>
> Hi,
>
> i have noticed that if i connect from behind the firewall
> using secure remote it fails to match proposal, however from
> ma dialup it works. The firewall is a Checkpoint firewall,
> and I can see te traffic passing through.
>
> Anyone any ideas what need to be configured,
>
> I have tried forcing NAT transal Tunnling (IKE over tcp and
> Force UDP encapsulation) this didnt work either.
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
