Hi all,
I've just experienced a strange (at least for me) behaviour using
SecureClient (R56 - Build 619).
I have to connect to two different sites. Both are using VP-1 R55W as
Gateway (only difference are the hotfixes).
I can create certificates for both sites successfully, can create both
sites successfully but, and here comes my problem, I can only connect to
1 (of course I'm not trying it simultanly ;)
I tried to sniff both connections and this I got:
Successful connection
---------------------
Src:1031 -> dst:500 -> isakmp (identity protection (main mode))
Dst:500 -> src:1031 -> isakmp (identity protection (main mode))
Src:1031 -> dst:500 -> isakmp (transaction (config mode))
Dst:500 -> src:1031 -> isakmp (transaction (config mode))
Unsuccessful connection
-----------------------
src:3143 -> dst:18234 -> udp
src:3143 -> dst:18234 -> udp
src:3143 -> dst:18234 -> udp
.
.
.
The really strange thing is that I can see the unsuccessful connection
only on my local machine using a sniffer. There is NO packet reaching
the gateway (not even the router).
Although it sounds to me like a client problem I put in the gateway
versions used:
# fw ver (unsuccessful)
This is Check Point VPN-1(TM) & FireWall-1(R) NG with Application
Intelligence (R55W) HFA_04, Hotfix 011 - Build 004
#fw ver (successful)
This is Check Point VPN-1(TM) & FireWall-1(R) NG with Application
Intelligence R55W - Build 346
Anyone with a clue?
Kind Regards
Thomas
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
