[justin.knox]

Hi. I'm a relative newb to Check Point, the last time I did any work with it was pre-4.1. Here's my issue:

I'm in the process of a pilot roll-out of Check Point Express NGX. I'm doing this as a distributed deployment, management server is running as a virtual machine in VMware: Windows Server 2003, SP1. The enforcement module is an IP260 appliance from Nokia, running IPSO 3.9 Build 041.

I've installed R60 via the wrapper .tgz on the appliance, and I've had no trouble establishing SIC and managing my rulebase, in fact I've got that all working fine. However, I've added a rule to permit RemoteAccess users in. I've got a test user configured for preshared secret _and_ certificate, and when I use SecuRemote to attempt connection to the gateway from the internet segment of the pilot, I get an error in SmartView Tracker indicating the enforcement point has no key for IKE (phase 1 I'm betting here). The SecuRemote client also gets told that the gateway has no certificate for IKE and cannot connect (can't even complete creation of the site).

SmartView Tracker does show a successful, permitted Topology request just before this error, so I am sure there's no connectivity issues here. I've got a ticket opened with support, and we've gotten this far (before I was receiving an error stating that the user was not correctly configured).

Am I missing something? Is there anything that needs to be done via Voyager or CLISH that SmartCenter does not handle?
I've already got a request to purchase most of the recent books recommended by the group. I've also got a budget request for training, unfortunately my deadline is closer than both of those dates.

any help is appreciated