Hi List,
one of our customers has a problem: he can't execute a site update
from the internal LAN (from outside it works). In the SecureClient Log Viewer I
can see that the IKE (isakmp) packets are being rejected by the Desktop
Policy. Why? Do I have to create a Desktop Policy for IKE (destination
address is external interface) and create policies?
The configuration (by packaging tool) is:
- connect mode
- allow clear connections for encrypt action when inside the enc domain
- restrict user intervention
- force UDP encap
- do not allow to stop SC
- perform automatic topology update only in silent mode
- Partial Topology enabled: Topology Server Name, Download Server and
Topology server IP address
- in profile: Route all traffic through gateway is enabled (because we
have to reach other networks outside the encryption domain)
(NG AI HFA 12, Single Gateway (SmartCenter and Module))
Any hint?
thx
doehni