Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW1] bouncing IKE tunnel

To: "'[email protected]'" <[email protected]>
Subject: [FW1] bouncing IKE tunnel
From: Ian Campbell <[email protected]>
Date: Wed, 20 Sep 2000 16:43:31 -0700
Sender: [email protected]

Hi all,

we have three offices using FW1 4.1 sp2 using IKE to tunnel back and forth
to each other. It's been working great for months. I've just added a fourth
in Atlanta, but the tunnel has been bouncing up and down; running for awhile
then quitting. The first time it came back by itself, but after that it's
taken a cycle of the FW1 service to get it working again. Nothing unusual in
the NT event logs, and the FW logs show a 'no response from peer. Scheme:
IKE' message. It seems to work for less time each time we do this; the first
time it ran for a couple of days, the last time it only worked for a half
hour or so.

I have all the machines getting time updates from ntp servers, all the IKE
parameters are exactly the same in the VPN props of each FW...

Checkpoint suggested rewriting the rules in the rulebase and adding a rule
at the top of the list saying 'all encyrption domains' - 'all encryption
domains' - ISAKMP - accept, but I'm a little skeptical...

Anyone seen anything similar or got any ideas? Thanks,

Ian


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: [FW1] RE: [rapt] Checkpoint vs. Raptor
Next by Date: RE: [FW1] Check Point Release Dates
Previous by thread: RE: [FW1] RE: [rapt] Checkpoint vs. Raptor
Next by thread: [FW1] message at the policy install screen
Index(es):
- Date
- Thread