[FW1] IKE slow Phase 1 to Phase 2 negotiation
Folks,

For several months now I've been plagued by a problem that affects only
IKE encryption between SecureClients/SecuRemote users and a central firewall;
this is shown as slow negotiation between IKE phase 1 and IKE phase 2, which in
my case took about 60 seconds. FWZ encryption on the same host functions
without any problems.

After much diagnosis, parallel builds of fresh firewalls and work with
Checkpoint, a solution was presented by Checkpoint Tech support yesterday.
I thought I'd share with you all since I know I've been approached by
others with the same issue.

The solution is simply to remove ALL domain objects from your
configuration, that is, delete all domain objects from the rules base and replace
them with groups that contain either networks or discrete hosts to perform the
same function.

Once this has been done and the rules base has been re-installed, IKE will
function as expected and both phase 1 and phase 2 will occur within about 1
second.

Thanks to all those who responded to my original post and those who
reported that IKE worked for them.

Regards
Tim