NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Best CP 4.1 Service Pack To Use?



Hi,

I'm using IKE, not manual IPSEC but I have heard there is a hotfix for this
issue.

Can anyone confirm this ?

Your problem is most likely that your IKE SA renegiotation time is different
between
the two.  Find out what sonicwall uses and configure the policy properties
on your policy
encryption tab to match.  I had the same issue with the PIX initially.  Also
ensure you
are using the same group on both.



Inti.

-----Original Message-----
From: Eddy Chien [mailto:[email protected]]
Sent: 07 March 2001 18:29
To: [email protected]; [email protected];
[email protected]
Subject: RE: [FW1] Best CP 4.1 Service Pack To Use?



Hi all,

I had set up a SonicWall SOHO to work with VPN-1 4.1 SP1 using manual IPSEC 
without any problem for several months.  But after I applied SP3 on VPN-1, 
the manual IPSEC stoped working.  I didn't change anything on SonicWall side

so it must be the VPN-1.  Right now I am using IKE to make the SonicWall 
work with VPn-1.  But the time needed for the key exchange can take up to 
serveral minutes and seems like it can only be initiated from SonicWall 
side.  This is based the the log from SonicWall.  I also see similar entries

on FW-1 log.  Any comment on this ?



eddyc



>From: "Vincent, Mike" <[email protected]>
>To: "'Inti Shah '" <[email protected]>,        "Vincent, Mike"  
><[email protected]>,        "''Siewert, Mark ' '"  
><[email protected]>,        
>"'''[email protected]' ' '"  
><[email protected]>
>Subject: RE: [FW1] Best CP 4.1 Service Pack To Use?
>Date: Tue, 6 Mar 2001 15:34:28 -0500
>
>
>  I am not sure exactly what the problem with manual IPSEC is but I have 
>seen
>that posted to the list by at least two or three people.  Were you using
>manual IPSEC between FW1 and the PIX?
>
>-----Original Message-----
>From: Inti Shah
>To: 'Vincent, Mike'; 'Siewert, Mark ';
>''[email protected]' '
>Sent: 3/6/01 1:53 PM
>Subject: RE: [FW1] Best CP 4.1 Service Pack To Use?
>
>
>Hi,
>
>I'm interested in your comments about manual ipsec not working on SP3,
>is
>there
>any info anyone has on this as I have successfully developed a config
>for
>PIX to
>SP3 vpn and it works fine.  I posted the details here earlier
>
>kind regards
>inti
>
>-----Original Message-----
>From: Vincent, Mike [mailto:[email protected]]
>Sent: 06 March 2001 18:17
>To: 'Siewert, Mark '; ''[email protected]' '
>Subject: RE: [FW1] Best CP 4.1 Service Pack To Use?
>
>
>
>That depends on your enviroment and what features of the firewall you
>use.
>People have reported that Manual IPSEC is broken in Service Pack 3
>(don't
>know because I don't use it) but SP3 adds VPNx support and SMTP
>filtering
>based on file name.  I have not had a problem with Checkpoint stability
>on
>Solaris on any of the 4.1 service packs.  I personally don't like to be
>too
>far behind on service packs but I hate to be the first to try one out.
>
>-----Original Message-----
>From: Siewert, Mark
>To: '[email protected]'
>Sent: 3/6/01 12:25 PM
>Subject: [FW1] Best CP 4.1 Service Pack To Use?
>
>
>
>We will be upgrading shortly to CP FW1 Version 4.1
>.
>Base on overall experience, what is the best Service Pack (least amount
>of
>issues)
>to use for Solaris 2.6 (SP1, SP2, or SP3)?
>
>Thanks In Advance....
>
>
>
>
>
>========================================================================
>========
>      To unsubscribe from this mailing list, please see the instructions
>at
>                http://www.checkpoint.com/services/mailing.html
>========================================================================
>========
>
>
>========================================================================
>====
>====
>      To unsubscribe from this mailing list, please see the instructions
>at
>                http://www.checkpoint.com/services/mailing.html
>========================================================================
>====
>====
>
>
>========================================================================
>========
>      To unsubscribe from this mailing list, please see the instructions
>at
>                http://www.checkpoint.com/services/mailing.html
>========================================================================
>========
>
>
>===========================================================================
=====
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
>===========================================================================
=====

_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com



============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.