Tobias,
Yeah....Sorry the info was so sketchy. Some background info:
I had to reinstall the SmartCenter server...and during that I had to do the
random seed thing to generate a new CA. So I assume it has something to do
with that. But I would figure that a topo update would take care of that?
Maybe I should delete usersc.C on my SR laptop....and try again?
Actually, though, I think I even tried a new install of SC/SR on a new
laptop, but still to no avail....same error.....
Using NGAI R55, with latest hot-fixes. FW-1/VPN-1 is on a
Crossbeam/SecurePlatform box, and the SmartCenter server is on a Windows
2003 server machine.
Thanks for any assistance.
Also....when I rebuilt the rule set....I may have farked up the VPN
configuration...so don't rule that out either...
TIA,
Joe
-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of Lachmann, Tobias, PRE
Sent: Wednesday, February 23, 2005 2:57 AM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: [FW-1] AW: [FW-1] VPN client to firewall connection fails
Hello Joe!
Can you give us more information about the complete setup?
What certificates do you use? Where do they come from?
The message "Cannot construct a valid certificate chain from peer certificates"
indicates that the two certificates are not signed by the same (internal) CA,
or that the certificates can't be validated by the participating partners in
the VPN.
Regards,
Tobias
-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of Joe Clifton
Sent: Tuesday, February 22, 2005 17:37
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: [FW-1] VPN client to firewall connection fails
Below is the error I am getting...this is a new install. Maybe I should
re-create the CA??
>Checking network connectivity...
>Preparing connection...
>Connecting to gateway...
>Could not validate the certificate used by gateway FWKRE1F at site TU.
>Cannot construct a valid certificate chain from peer certificates
>IKE negotiation failed
>Connection failed
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
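Added example, not part of the original thread and not Check Point tooling: a generic OpenSSL reproduction of the condition Tobias describes, where a certificate issued by a regenerated CA is checked against the CA that existed before. The assumptions are that the client still holds the old CA as its trust anchor and that both CAs carry the same subject name; all names, keys and paths are constructed for the demo.

```shell
#!/usr/bin/env bash
# Constructed demo: every key, name and certificate here is generated locally.
set -eu

# make_ca DIR: create a self-signed CA (ca.key, ca.pem) in DIR.
make_ca() {
  mkdir -p "$1"
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/O=demo-mgmt/CN=demo internal CA" \
    -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
}

# issue_cert CA_DIR PREFIX CN: write PREFIX.pem, signed by the CA in CA_DIR.
issue_cert() {
  openssl req -newkey rsa:2048 -nodes -subj "/O=demo-mgmt/CN=$3" \
    -keyout "$2.key" -out "$2.csr" 2>/dev/null
  openssl x509 -req -in "$2.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
    -CAcreateserial -days 1 -out "$2.pem" 2>/dev/null
}

# chain_ok ANCHOR CERT: print "ok" if CERT chains to ANCHOR, else "fail".
chain_ok() {
  if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
    echo ok
  else
    echo fail
  fi
}

# ca_fingerprint CERT: SHA-256 fingerprint, for comparing trust anchors.
ca_fingerprint() {
  openssl x509 -noout -fingerprint -sha256 -in "$1" | cut -d= -f2
}

work=$(mktemp -d)
make_ca "$work/old"                              # CA before the reinstall
make_ca "$work/new"                              # CA generated by the reinstall
issue_cert "$work/new" "$work/gw" demo-gateway   # gateway cert from the new CA

echo "client trusts old CA: $(chain_ok "$work/old/ca.pem" "$work/gw.pem")"
echo "client trusts new CA: $(chain_ok "$work/new/ca.pem" "$work/gw.pem")"
echo "old CA: $(ca_fingerprint "$work/old/ca.pem")"
echo "new CA: $(ca_fingerprint "$work/new/ca.pem")"
```

The two CAs have identical subject names, so the mismatch shows up only in the fingerprints and in the failed signature check, which is why comparing fingerprints on both sides is the quicker diagnostic.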