BTYahoo & Securemote

Ever since the BTOpenworld switch to BTYahoo, I have been completely
unable to use Checkpoint Securemote on my home network (fails in IKE
Phase 1 authentication). Anyone have similar problems or maybe even a
solution?
I don't think its a problem with my pc or with my firewall because I
have a laptop that I can use with Securemote on other networks, just
not with BTYahoo

In all other respects my btyahoo connection is fine, BTYahoo say they
aren't blocking Secureremote ports. Anyone have any ideas?

"mightywif" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) om...
> Ever since the BTOpenworld switch to BTYahoo, I have been completely
> unable to use Checkpoint Securemote on my home network (fails in IKE
> Phase 1 authentication). Anyone have similar problems or maybe even a
> solution?
> I don't think its a problem with my pc or with my firewall because I
> have a laptop that I can use with Securemote on other networks, just
> not with BTYahoo
>
> In all other respects my btyahoo connection is fine, BTYahoo say they
> aren't blocking Secureremote ports. Anyone have any ideas?

Are you using a modem or a NAT router? I had a similar baffling problem -
turned out my internal LAN IP addresses behind my router were conflicting
with the site I was connecting to. SecuRemote had worked perfectly for
months then it just stopped working. I had to alter my LAN internal IP
addresses and then all was good again. FWIW I use Nildram..

Have you tried using Ethereal (http://www.ethereal.com/distribution/win32/)
to see what's happening to the packets that get sent out?

I'm on a NAT router - my office is on a different IP scheme on me as well -
I changed my router's IP from 192.168.0.x to 10.66.0.x just in case - but
that makes no difference. I'll try the ethereal stuff and report back.


"James Hurrell" <(E-Mail Removed)> wrote in message
news:c6qh5v$eta8n$(E-Mail Removed)...
>
> "mightywif" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed) om...
> > Ever since the BTOpenworld switch to BTYahoo, I have been completely
> > unable to use Checkpoint Securemote on my home network (fails in IKE
> > Phase 1 authentication). Anyone have similar problems or maybe even a
> > solution?
> > I don't think its a problem with my pc or with my firewall because I
> > have a laptop that I can use with Securemote on other networks, just
> > not with BTYahoo
> >
> > In all other respects my btyahoo connection is fine, BTYahoo say they
> > aren't blocking Secureremote ports. Anyone have any ideas?
>
> Are you using a modem or a NAT router? I had a similar baffling problem -
> turned out my internal LAN IP addresses behind my router were conflicting
> with the site I was connecting to. SecuRemote had worked perfectly for
> months then it just stopped working. I had to alter my LAN internal IP
> addresses and then all was good again. FWIW I use Nildram..
>
> Have you tried using Ethereal
(http://www.ethereal.com/distribution/win32/)
> to see what's happening to the packets that get sent out?
>
>

"mightywif" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) om...
> Ever since the BTOpenworld switch to BTYahoo, I have been completely
> unable to use Checkpoint Securemote on my home network (fails in IKE
> Phase 1 authentication). Anyone have similar problems or maybe even a
> solution?
> I don't think its a problem with my pc or with my firewall because I
> have a laptop that I can use with Securemote on other networks, just
> not with BTYahoo
>
> In all other respects my btyahoo connection is fine, BTYahoo say they
> aren't blocking Secureremote ports. Anyone have any ideas?

Two of my colleagues are on BTO/BTYahoo and have been and still are using
SecuRemote to talk to our Checkpoint firewalls without problem.

Has anything changed on your firewall? your company's firewall?

One thing that you might want to try is to use the "update site" facility on
SecuRemote to update the topology - one pal had to do this after we made
some (seemingly minor) changes to the CP firewall config, IIRC. He could
get to the IKE ph1 but not beyond. The update fixed it.

HTH,
Regards,
Andy

Andy & James thanks for your help.

There have been no changes to the firewall, which I have checked and reset,
etc. anyway I can connect fine with securemote when I use a BTOpenworld
dial-up connection. it's just when I use the btopenworld connection - I've
ruled my router out of the blame by going back to the btopenworld supplied
frog and I get the same problem. SecureClient diagnostics last line is
"VPN-1 Gateway did not response to IKE key-exchane (IKE Phase1
failure -109)". Looking at the Ethereal packets that get through, there is
some traffic between my server and my pc, it just consistently fails at the
same stage on the BTYahoo / BTOpenworld network.

I've tried deleting, reinstalling the SecureClient settings till I'm blue in
the face. When I do google searches on the error message I get, it's like
no-one has ever had it before... Any help gratefully received

cheers
Neil



"Andrew Jackson" <(E-Mail Removed)> wrote in message
news:c6rug3$96a$1$(E-Mail Removed)...
> "mightywif" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed) om...
> > Ever since the BTOpenworld switch to BTYahoo, I have been completely
> > unable to use Checkpoint Securemote on my home network (fails in IKE
> > Phase 1 authentication). Anyone have similar problems or maybe even a
> > solution?
> > I don't think its a problem with my pc or with my firewall because I
> > have a laptop that I can use with Securemote on other networks, just
> > not with BTYahoo
> >
> > In all other respects my btyahoo connection is fine, BTYahoo say they
> > aren't blocking Secureremote ports. Anyone have any ideas?
>
> Two of my colleagues are on BTO/BTYahoo and have been and still are using
> SecuRemote to talk to our Checkpoint firewalls without problem.
>
> Has anything changed on your firewall? your company's firewall?
>
> One thing that you might want to try is to use the "update site" facility
on
> SecuRemote to update the topology - one pal had to do this after we made
> some (seemingly minor) changes to the CP firewall config, IIRC. He could
> get to the IKE ph1 but not beyond. The update fixed it.
>
> HTH,
> Regards,
> Andy
>
>

"Neil McEachran" <(E-Mail Removed)> wrote in message
news:c74uqm$s$(E-Mail Removed)...
> Andy & James thanks for your help.
>
> There have been no changes to the firewall, which I have checked and
reset,
> etc. anyway I can connect fine with securemote when I use a BTOpenworld
> dial-up connection. it's just when I use the btopenworld connection -
I've
> ruled my router out of the blame by going back to the btopenworld supplied
> frog and I get the same problem. SecureClient diagnostics last line is
> "VPN-1 Gateway did not response to IKE key-exchane (IKE Phase1
> failure -109)". Looking at the Ethereal packets that get through, there
is
> some traffic between my server and my pc, it just consistently fails at
the
> same stage on the BTYahoo / BTOpenworld network.
>
> I've tried deleting, reinstalling the SecureClient settings till I'm blue
in
> the face. When I do google searches on the error message I get, it's like
> no-one has ever had it before... Any help gratefully received
>
> cheers
> Neil


Sorry, Neil, I've run out of ideas based on my experience. BTW, are you
using SecuRemote or SecureClient? The latter is a purchased application so
you might find that your firewall adminstrator can obtain support from CP or
your reseller. I have a feeling that SecureClient might require
ports/protocols in addition to the normal IPSec ones - something to do with
proprietary traffic to exchange "topology" information, which I don't think
is required for SecuRemote. If you have moved from SecuRemote to
SecureClient, maybe this port needs to be open on the router at the Firewall
end?

That's about all I can offer, I'm afraid.

Good luck,
Andy

"Andrew Jackson" <(E-Mail Removed)> wrote in message news:<c7572c$s29$1$(E-Mail Removed)>...
> "Neil McEachran" <(E-Mail Removed)> wrote in message
> news:c74uqm$s$(E-Mail Removed)...
> > Andy & James thanks for your help.
> >
> > There have been no changes to the firewall, which I have checked and
> reset,
> > etc. anyway I can connect fine with securemote when I use a BTOpenworld
> > dial-up connection. it's just when I use the btopenworld connection -
> I've
> > ruled my router out of the blame by going back to the btopenworld supplied
> > frog and I get the same problem. SecureClient diagnostics last line is
> > "VPN-1 Gateway did not response to IKE key-exchane (IKE Phase1
> > failure -109)". Looking at the Ethereal packets that get through, there
> is
> > some traffic between my server and my pc, it just consistently fails at
> the
> > same stage on the BTYahoo / BTOpenworld network.
> >
> > I've tried deleting, reinstalling the SecureClient settings till I'm blue
> in
> > the face. When I do google searches on the error message I get, it's like
> > no-one has ever had it before... Any help gratefully received
> >
> > cheers
> > Neil
>
>
> Sorry, Neil, I've run out of ideas based on my experience. BTW, are you
> using SecuRemote or SecureClient? The latter is a purchased application so
> you might find that your firewall adminstrator can obtain support from CP or
> your reseller. I have a feeling that SecureClient might require
> ports/protocols in addition to the normal IPSec ones - something to do with
> proprietary traffic to exchange "topology" information, which I don't think
> is required for SecuRemote. If you have moved from SecuRemote to
> SecureClient, maybe this port needs to be open on the router at the Firewall
> end?
>
> That's about all I can offer, I'm afraid.
>
> Good luck,
> Andy

Thanks Andy

I'm using SecureClient - I've tried several different versions. The
latest I have from BTYahoo support is:

"Since Bt yahoo have upgraded the servers there has been a problem
with "IPSec" packets degrading through the BT network."

So it appears that they are admitting some fault. Maybe they'll fix
it before I change providers. You never know.

Cheers for the help anyway.
Neil