2.1a is "buggy". We had many problems until upgrading to 2.1c. that my be
At 06:45 AM 1/15/97 -0500, you wrote:
>Hi All !
>Blimey ! FW-1 has more bugs than sendmail ;-> Well, ok maybe not THAT many !
>Anyway I'm in dire need of help !
>I'm over here in jolly old England deploying a 2nd FW-1/Solaris x86 machine.
>FW-1 is 2.1a (Suns latest release) and solaris 2.5.1 x86. We cannot get the
>firewall here and the (same) one in the US to exchange keys.
>Each machine is set up as it's own CA (ie FW-A CA defined as "local" on FW-A
>and "remote, FW-B" on FW-B. FW-B is setup in the same fashion). I can get
>both CA keys exchanged. I can get ONE machine to send its encryption key
>to the other, but I can't get the final encryption key exchanged. Instead I
>get "Certificate Authority (FW-A) does not have key defined for FW-A".
>We are running a VERY simple NAT configuration, one rule which just hides
>everything behind the EXTERNAL addess of the respective firewall. The rule
>is "any, any, any accept" - can't be much simpler than that.
>If anyone has any ideas pls let me know.....btw I am sure this is NOT a
>problem but if you have any idea... I spent ALL YESTERDAY on the phone
>best suppt person sun has to offer and sone guy from checkpoint too....they
>stumped (and my bloody ear hurts too from the phone :-()
>I'd also like to hear from ANYONE who is running VPN and NAT with FW-1 on
>any platform, Sun and Checkpoint as much as told me that NO-ONE is doing it
>on my platform, they certainly didn't test it !
Darwin L. Martinez Voice: 404-843-5954
Network Systems Engineer Pager: 888-346-1320
International Network Services Vmail: 770-641-4004
Atlanta Office Email: <mailto:darwin_martinez @
"Happiness is a belt-fed weapon."