- CheckMates
- :
- Products
- :
- Quantum
- :
- Remote Access VPN
- :
- Re: Certificate VPN doesn't work
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Certificate VPN doesn't work
Good afternoon!
I have a problem with VPN connection with Endpoint Security VPN.
The certificate issued on EPS version 86.60 does not work on another computer with EPS version 86.60.
But this certificate works well on computer with EPS version 85.00.
Could you tell me what the problem is?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
What type of certificate is used and what is the error that you see on the client when it doesn't work?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The type used is PKCS#12. No error messages appear when the client cannot connect to the gateway.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Does it work with E85.00 and not work with E86.60 on the exact same computer?
Might need TAC to assist with this.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes, this problem appears on the same computer.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
As @Chris_Atkinson asked, what type of cert is it? Are we talking the actual client cert or the vpn cert on the gateway?
Andy
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The type used is PKCS#12. Employees use hardware tokens with certificates.
We are talking about the actual client cert.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello!
Problem solved, how? We are facing a similar problem.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I would involve TAC for this.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi, I have the same issue with ESP 86.80 connecting to a VPN site to site on Quantum FW1595. Some computers with the same EPS work fine and others don't. The only difference I found is related to the internet provider, because some branches use different IPS for connecting to the firewall.
Does anybody knows how to fix this?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
When you say "don't work" what exact symptoms and logs do you see?
The only time I've seen an issue related to ISP is when CGNAT is involved, which will sometimes change the IP during a session.
You can try forcing Visitor Mode, but I'm not sure how to do that on locally managed SMB appliances.
If centrally managed (with Smart-1), see: https://support.checkpoint.com/results/sk/sk107433