Secure Remote Connection Enigma

Status
Not open for further replies.

red7

IS-IT--Management
Jan 29, 2002
US
I am trying to connect to an IP330 firewall-1 v4.1 box via Secure Remote on a W2k machine over a cable connection. I have been able to do this for over a year now and suddenly I cannot connect any longer. The rulebase has not changed nor has the user database.

When I click the server icon in secure remote the username password box appears. After this information is entered, it updates but never gives the successful authenticated popup box like it used to. The icon in the tray has a little lock on it but I cannot connect via pcanywhere or terminal services. The key exchange seems to go smoothly in the logs but no traffic is seen after that point. This is very perplexing. I have only been troubleshooting this for a day but nothing immediately jumps out at me as a problem. I have reinstalled secure remote several times and with different builds. Any ideas? I will be happy to supply further information if needed!
 
Hi,
Did you check the firewall logs? They must tell you what's going on; you can post the interesting part of these logs.
From what you've said I think you are using password authentication; if that's not the case, it would be good to verify the certificate expiration date.
Hicham
 
Here is what I can gather from the logs:

Successful Logon 7:23am

action:authcrypt
Reason Client Encryption: Authenticated by Pre-Shared secret scheme: IKE methods: 3DES,IKE,SHA1

action:Key Install
IKE Log: Phase 1 (aggressive) completion. 3DES/SHA1/Pre shared secrets Negotiation Id: xxxxxxxxxxxxxxxxxxx

action:Key Install
Scheme: IKE methods: Combined ESP: 3DES + MD5 (phase 2 completion) for host 192.168.6.50 and for subnet 0.0.0.0 (mask=0.0.0.0)

The rest is terminal service traffic and various other traffic from my house to and from work. Src key is present on all communications. Logged out of sessions and killed vpn connection.

Don’t know what this is, but it appears right before the next logon that failed. Maybe an update?

Accept FW-1 topo
Accept FW- 1topo


Unsuccessful Logon 8:05am (first Authcrypt not present last logon)

Action:Authcrypt
Reason User authenticated by Firewall. Sending Ecrypted Topology. Scheme: SSL

Action:Key Install
IKE Log: Phase 1 (aggressive) completion. 3DES/SHA1/Pre shared secrets Negotiation Id: xxxxxxxxxxxxxxxxxxx

Key Install
Scheme: IKE methods: Combined ESP: 3DES + MD5 (phase 2 completion) for host 192.168.6.50 and for subnet 0.0.0.0 (mask=0.0.0.0)

No further communication information in the logs until the next failed logon. Subsequent logons look exactly the same.

Terminal server times out at this point from my house, cannot ping or connect to any machines.
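
The side-by-side comparison of the two logons above, as an added example that is not part of the original thread: it parses the entries in the layout the poster transcribed them (an assumption; this is not FireWall-1's log export format) and reports which negotiation step differs between the successful and the failed logon. The function names are hypothetical.

```python
import re
from itertools import zip_longest
# Transcribed from the post above (poster's layout, not a raw log export).
SAMPLE = """\
Successful Logon 7:23am
action:authcrypt
Reason Client Encryption: Authenticated by Pre-Shared secret scheme: IKE methods: 3DES,IKE,SHA1
action:Key Install
IKE Log: Phase 1 (aggressive) completion. 3DES/SHA1/Pre shared secrets Negotiation Id: xxxxxxxxxxxxxxxxxxx
action:Key Install
Scheme: IKE methods: Combined ESP: 3DES + MD5 (phase 2 completion) for host 192.168.6.50 and for subnet 0.0.0.0 (mask=0.0.0.0)
Unsuccessful Logon 8:05am
Action:Authcrypt
Reason User authenticated by Firewall. Sending Ecrypted Topology. Scheme: SSL
Action:Key Install
IKE Log: Phase 1 (aggressive) completion. 3DES/SHA1/Pre shared secrets Negotiation Id: xxxxxxxxxxxxxxxxxxx
Key Install
Scheme: IKE methods: Combined ESP: 3DES + MD5 (phase 2 completion) for host 192.168.6.50 and for subnet 0.0.0.0 (mask=0.0.0.0)
"""

HEADER = re.compile(r"^(Successful|Unsuccessful) Logon\s+(\S+)", re.I)
ACTION = re.compile(r"^(?:action:)?\s*(authcrypt|key install)$", re.I)
SCHEME = re.compile(r"scheme:\s*(\w+)", re.I)

def parse_sessions(text):
    """Split the transcript into logons, each with a list of [action, detail]."""
    sessions = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if m := HEADER.match(line):
            sessions.append({"result": m.group(1).lower(), "events": []})
        elif sessions and (m := ACTION.match(line)):  # "action:" prefix is optional
            sessions[-1]["events"].append([m.group(1).lower(), ""])
        elif sessions and sessions[-1]["events"]:
            sessions[-1]["events"][-1][1] = line  # detail line of the last action
    return sessions

def diff_sessions(good, bad):
    """Return (step, action, good_detail, bad_detail) for each step that differs."""
    pairs = zip_longest(good["events"], bad["events"], fillvalue=["missing", ""])
    return [(i, g[0], g[1], b[1]) for i, (g, b) in enumerate(pairs) if g != b]

def scheme_of(detail):
    m = SCHEME.search(detail)  # first "scheme: X" token in the detail line
    return m.group(1) if m else None

if __name__ == "__main__":
    good, bad = parse_sessions(SAMPLE)
    for step, action, g, b in diff_sessions(good, bad):
        print(f"step {step} ({action}): {scheme_of(g)} -> {scheme_of(b)}")
```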
 
Someone modified your gateway configuration; it was set to preshared secret and now it's ssl!
Hicham
 
Where would you change this setting? Don't believe I have ever run across any settings for ssl.
 
Have you checked that the encryption domain is still set as your network?
Something similar happened to me, as it was mysteriously changed to something else.

Good Luck
 
Good Call A990 but the encrypt_dom is all good.

Another person can connect from his home workstation so I am going to write this one off as a problem with my home workstation. We have the same settings on the firewall. Must be some Win2K and CheckPoint anomaly. He is going to try my info tonight from home to make sure.

I am posting another question called Secure Remote/Client. Would like your feedback. Sort of related.
 