[FW1] FW-1 not re-encrypting return outbound VPN traffic
Hi All

Solaris 2.6
FW-1 SP2 3DES + Latest SR release for Win95/98

We've only just started to look at VPN and SecuRemote stuff, so this may be an obvious cock-up by me.

I have my VPN connection set up, and SR users can authenticate with the firewall. All SR traffic is NATd into an IP pool on the FW. All the connections are OK most of the time, but every now and then, the connection hangs.

What I've found in the log files is a bit puzzling. When the connections are OK, the traffic gets NATd to the IP pool, and the return traffic for the connection is then unNATd and sent back out over the VPN. When the connection hangs, the inbound traffic DOESN'T get NATd but it is still passed on to the internal servers. The return traffic is then trying to get back to the REAL address of the SR host, not the NATd address... and the FW stops it dead in its tracks.

Has anyone else seen this kind of behaviour? It seems to happen more on Lotus Notes, but maybe it's just because Notes hangs up when it happens (and other programs just carry on doing other things while waiting).

Any help you can give would be gratefully received.

Many thanks in advance.

--
Steve

Steve Loughran, Network Infrastructure Manager
Sony Computer Entertainment Europe (Cambridge)
http://camsg001.millennium.co.uk/index.htm
Yamaha YZF1000R Thunderace, ICQ#: 12666311
Team Waste - Where do you want to go wrong today?