[vpn-help] Cannot connect to checkpoint firewall

[kevin vpn]

On Wed, 29 Jun 2011 09:12:36 +0200
Antenore Gatta <antenore at gmail.com> wrote:

> Hi Kevin,
> 
> Thanks a lot for your reply
> 
> On Wed, Jun 29, 2011 at 4:59 AM, kevin vpn <kvpn at live.com> wrote:
> >
> > Hi Antenore,
> >
> > The "resend 1 phase1 packet(s)" messages in the iked.log file
> > suggest that the CheckPoint gateway is not responding to the Shrew
> > client's packets.  You may have to look that the CheckPoint logs to
> > see if the packets are even arriving at the gateway, and if they
> > are, why the CheckPoint is not responding to them.
> 
> Unlucky I don't have access to the CheckPoint logs, so I cannot really
> investigate further.
> 
> I've a windows client that can connect to the checkpoint with
> secureclient and it's where I took the userc.C file.
> 

Hi Antenore,

You can send me the userc.C file if you'd like, but only if it is a
plaintext file, because I don't have a SecureClient to import it into.

The interesting thing with your iked.log output is that you are getting
no response at all from the gateway.  It's not that negotiations are
failing, it is that there is no communication at all.  It may be that
the gateway only responds to SecureClient requests or that it uses a
different port. Are you sure that the SecureClient is not using an SSL
VPN?  Shrew only supports IPSec VPN connections.

If you know Wireshark, you could install it on the Windows PC. Start a
trace and connect using the SecureClient.  The trace will show you what
ports the SecureClient is using.