How to configure SSL extender for NGX on Nokia platform

[checkisco]

h everyone I just upgrade to NGX version, We already have secure remote users configured, I would like to test the new SSL extender fonctionality.

could someone help me about the installation procedure (I'm new in this thing)

This my configuration :

Checkpoint version : NGX 60

MANAGEMENT STATION OS : windows 2000
Enforcement modules : 02 Nokia IP530 on VRRP mode.

Thanks a lot,

[giallorossi77]

Hi,
I followed the instructions reported on the official CP documentation but I'm not able to make it work.
Systems:
nokia ip350
NGX hfa04 with distributed installation (CMA is on P1).

After changing Voyager port to 444, the nokia answers to 443 port request, but I'm not able to get the SNX login page.
It seems (looking at the vpnd.elg) that the Vpn-1 and remote peer cannot negotiate TCP session paramters.

Any Idea?

3056128]@fw[24 Oct 9:41:48] async_mux_data_handler: Try connection type TCPT with 0 bytes
[vpnd 529 3056128]@fw[24 Oct 9:41:48] async_mux_data_handler: Connection type got 0, needs 4 bytes
[vpnd 529 3056128]@fw[24 Oct 9:41:48] async_mux_data_handler: Wait for 4 more bytes
[vpnd 529 3056128]@fw[24 Oct 9:41:48] fwasync_connbuf_realloc: reallocating 0 from 0 to 1028
[vpnd 529 3056128]@fw[24 Oct 9:41:48] async_mux_data_handler: Try connection type TCPT with 4 bytes
[vpnd 529 3056128]@fw[24 Oct 9:41:48] async_mux_data_handler: No connection types matched -- failed!

[BruceR]

checkisco we are running almost exactly the same hardware/software.

2 x IP560's NGX R60 HFA_04 & Management station on Win 2003 and NGX R60 HFA_04

It's quite well documented in CheckPoint_NGX_VPN_Guide.pdf

Make sure the SNX licences are on the management station, NOT the enforcement module. This is what caught me out. Also if you are running in Trad mode, the enforcement module object must be in the remote access community.

Run a VPN debug and check vpnd.elg for errors. Good luck