[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] Best CP 4.1 Service Pack To Use?
Hi, I'm using IKE, not manual IPSEC but I have heard there is a hotfix for this issue. Can anyone confirm this ? Your problem is most likely that your IKE SA renegiotation time is different between the two. Find out what sonicwall uses and configure the policy properties on your policy encryption tab to match. I had the same issue with the PIX initially. Also ensure you are using the same group on both. Inti. -----Original Message----- From: Eddy Chien [mailto:[email protected]] Sent: 07 March 2001 18:29 To: [email protected]; [email protected]; [email protected] Subject: RE: [FW1] Best CP 4.1 Service Pack To Use? Hi all, I had set up a SonicWall SOHO to work with VPN-1 4.1 SP1 using manual IPSEC without any problem for several months. But after I applied SP3 on VPN-1, the manual IPSEC stoped working. I didn't change anything on SonicWall side so it must be the VPN-1. Right now I am using IKE to make the SonicWall work with VPn-1. But the time needed for the key exchange can take up to serveral minutes and seems like it can only be initiated from SonicWall side. This is based the the log from SonicWall. I also see similar entries on FW-1 log. Any comment on this ? eddyc >From: "Vincent, Mike" <[email protected]> >To: "'Inti Shah '" <[email protected]>, "Vincent, Mike" ><[email protected]>, "''Siewert, Mark ' '" ><[email protected]>, >"'''[email protected]' ' '" ><[email protected]> >Subject: RE: [FW1] Best CP 4.1 Service Pack To Use? >Date: Tue, 6 Mar 2001 15:34:28 -0500 > > > I am not sure exactly what the problem with manual IPSEC is but I have >seen >that posted to the list by at least two or three people. Were you using >manual IPSEC between FW1 and the PIX? > >-----Original Message----- >From: Inti Shah >To: 'Vincent, Mike'; 'Siewert, Mark '; >''[email protected]' ' >Sent: 3/6/01 1:53 PM >Subject: RE: [FW1] Best CP 4.1 Service Pack To Use? > > >Hi, > >I'm interested in your comments about manual ipsec not working on SP3, >is >there >any info anyone has on this as I have successfully developed a config >for >PIX to >SP3 vpn and it works fine. I posted the details here earlier > >kind regards >inti > >-----Original Message----- >From: Vincent, Mike [mailto:[email protected]] >Sent: 06 March 2001 18:17 >To: 'Siewert, Mark '; ''[email protected]' ' >Subject: RE: [FW1] Best CP 4.1 Service Pack To Use? > > > >That depends on your enviroment and what features of the firewall you >use. >People have reported that Manual IPSEC is broken in Service Pack 3 >(don't >know because I don't use it) but SP3 adds VPNx support and SMTP >filtering >based on file name. I have not had a problem with Checkpoint stability >on >Solaris on any of the 4.1 service packs. I personally don't like to be >too >far behind on service packs but I hate to be the first to try one out. > >-----Original Message----- >From: Siewert, Mark >To: '[email protected]' >Sent: 3/6/01 12:25 PM >Subject: [FW1] Best CP 4.1 Service Pack To Use? > > > >We will be upgrading shortly to CP FW1 Version 4.1 >. >Base on overall experience, what is the best Service Pack (least amount >of >issues) >to use for Solaris 2.6 (SP1, SP2, or SP3)? > >Thanks In Advance.... > > > > > >======================================================================== >======== > To unsubscribe from this mailing list, please see the instructions >at > http://www.checkpoint.com/services/mailing.html >======================================================================== >======== > > >======================================================================== >==== >==== > To unsubscribe from this mailing list, please see the instructions >at > http://www.checkpoint.com/services/mailing.html >======================================================================== >==== >==== > > >======================================================================== >======== > To unsubscribe from this mailing list, please see the instructions >at > http://www.checkpoint.com/services/mailing.html >======================================================================== >======== > > >=========================================================================== ===== > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html >=========================================================================== ===== _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|