[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] FW: [FW-1] Cisco->FW1 VPN timeout problem
You may leave the list at any time by sending a "SIGNOFF FW-1-MAILINGLIST" command to [email protected]. You can also tell LISTSERV how you want it to confirm the receipt of messages you send to the list. If you do not trust the system, send a "SET FW-1-MAILINGLIST REPRO" command and LISTSERV will send you a copy of your own messages, so that you can see that the message was distributed and did not get damaged on the way. After a while you may find that this is getting annoying, especially if your mail program does not tell you that the message is from you when it informs you that new mail has arrived from FW-1-MAILINGLIST. If you send a "SET FW-1-MAILINGLIST ACK NOREPRO" command, LISTSERV will mail you a short acknowledgement instead, which will look different in your mailbox directory. With most mail programs you will know immediately that this is an acknowledgement you can read later. Finally, you can turn off acknowledgements completely with "SET FW-1-MAILINGLIST NOACK NOREPRO". >>> Zelljko Stanivuk <[email protected]> 02/19/02 01:04PM >>> UNSUBSCRIBE -----Original Message----- From: John Gesualdi [mailto:[email protected]] Sent: Tuesday, February 19, 2002 12:30 PM To: [email protected] Subject: [FW-1] Cisco->FW1 VPN timeout problem Hi , I keep ketting these messages on my Cisco router. When these messages come up the VPN goes down for a few minutes and then automatically fixes itself. Here's the message: IPSEC (decapsulation):error is decapsulation crypto ipsec_sa_exists. crypto-4-recvd_inv_SPI: decaps: rec'd IPSEC packet has invalid SPI destaddr=x.x.x.x, prot=50,spi=0x2f0j2500 ( 535353526) The emote office Cisco router is connected to my firewall using an IPSEC VPN. It's using IKE for the keys. On the Checkpoint firewall1 encryption propeties tab it says "renegotiate IKE SA every 52 minutes" and "renegotiate IPSEC SA's every 3600 seconds. On the Cisco router if I do "sh crypto isakmp policy". I see the lifetime set for 3120 seconds ( which equates to 52 minutes). If I do a "sh crypto ipsec security-association-lifetime". I see 4608000 kilobytes/3600 seconds which also matches the checkpoint properties tab. Please help. -- John A. Gesualdi, CCNP, CCDP, MCSE 2000 [email protected] The Providence Journal Company PhonePager================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|