Re: [m0n0wall] computers behind m0n0wall can't be authorized with checkpoint vpn

From:	"Kristian Shaw" <monowall at wealdclose dot co dot uk>
To:	=?utf-8?B?U2VhbiBXdSBb5ZCz5rWa5rOTXQ==?= <sean dot wu at ycmcnc dot com>, <m0n0wall at lists dot m0n0 dot ch>
Subject:	Re: [m0n0wall] computers behind m0n0wall can't be authorized with checkpoint vpn
Date:	Wed, 15 Feb 2006 08:41:20 -0000

Hello,

1. Try enabling 'allow fragmented packets' in the rule that allows traffic 
from the SecureClient users (re-occuring theme....). Sometimes the IKE 
packets are too big to fit in one packets and get fragmented.

2. If 1. doesn't work, then in SecureClient enabled 'IKE over TCP' and 
'Force UDP Encapuslation'

3. Update SecureClient to the R60 version, it is backwards compatible with 
the older enforcement modules.

Regards,

Kris..

----- Original Message ----- 
From: "Sean Wu [???]" <sean dot wu at ycmcnc dot com>
To: <m0n0wall at lists dot m0n0 dot ch>
Sent: Wednesday, February 15, 2006 5:39 AM
Subject: [m0n0wall] computers behind m0n0wall can't be authorized with 
checkpoint vpn


> Hello,
>
> After I built m0n0wall, the computers behind m0n0wall can?t be authorized 
> with checkpoint by SecureClient. Before I connect to VPN of Checkpoint , I 
> must create a profile of SecureClient. But when I created the profile, it 
> will connect to Checkpoint to get a license, it failed. Logs of m0n0wall 
> showed the rejective messages. Even I changed the policy that can be full 
> access, it still didn?t work. Are there setting wrongs with my m0n0wall? 
> Many thanks.
>
>
>
>
>
> Logs of Firewall
>
> Act   Time                        If              Source 
> Destination              Proto
>
> X     11:43:11.397225     WAN       xxx.xxx.xxx.xxx     192.168.1.198 
> UDP
>
>
>
>
>
>
>
> Best regards,
>
> Sean
>
>
>
>
>
>
>
>