Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW1] IKE slow Phase 1 to Phase 2 negotiation

To: [email protected]
Subject: [FW1] IKE slow Phase 1 to Phase 2 negotiation
From: Chilton Tim <[email protected]>
Date: Tue, 30 Jan 2001 09:30:17 -0000
Sender: [email protected]

Folks,
 
For several months now I've been plagued by a problem that affects only IKE
encryption between SecureClients/SecuRemote users and a central firewall,
this is shown as slow negotiation between IKE phase 1 and IKE phase 2 which
in my case took about 60 seconds. FWZ encryption on the same host functions
without any problems.
 
After much diagnosis, parallel builds of fresh firewalls and work with
Checkpoint a solution was presented by Checkpoint Tech support yestdaday - I
thought I'd share with you all since I know I've been approached by others
with the same issue.
 
The solution is simply to remove ALL domain objects from your configuration,
that is delete all domain objects from the rules base and replace them with
groups that contain either networks or discrete hosts to perform the same
function.
 
Once this has been done and the rules base has been re-installed IKE will
function as expected and both phase 1 and phase 2 will occur within about 1
second.
 
Thanks to all those who responded to my original post and those who reported
that IKE worked for them.
 
Regards
 
Tim


************************************************************************
The information in this email is confidential and is intended solely
for the addressee(s).
Access to this email by anyone else is unauthorised. If you are not
an intended recipient, you must not read, use or disseminate the
information contained in the email.
Any views expressed in this message are those of the individual sender,
except where the sender specifically states them to be the views of
The Capital Markets Company.

http://www.capco.com
***********************************************************************

Folks,

For several months now I've been plagued by a problem that affects only 
IKE encryption between SecureClients/SecuRemote users and a central firewall, 
this is shown as slow negotiation between IKE phase 1 and IKE phase 2 which in 
my case took about 60 seconds. FWZ encryption on the same host functions 
without any problems.

After much diagnosis, parallel builds of fresh firewalls and work with 
Checkpoint a solution was presented by Checkpoint Tech support yestdaday 
- I thought I'd share with you all since I know I've been approached by 
others with the same issue.

The solution is simply to remove ALL domain objects from your 
configuration, that is delete all domain objects from the rules base and replace 
them with groups that contain either networks or discrete hosts to perform the 
same function.

Once this has been done and the rules base has been re-installed IKE will 
function as expected and both phase 1 and phase 2 will occur within about 1 
second.

Thanks to all those who responded to my original post and those who 
reported that IKE worked for them.

Regards

Tim

Prev by Date: Re: [FW1] ftp connect thru fw1 takes alot of time
Next by Date: [FW1] "Virtual defragmentation error"
Previous by thread: RE: [FW1] SQL 2000
Next by thread: [FW1] "Virtual defragmentation error"
Index(es):
- Date
- Thread