Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW-1] SecurID problems

To: [email protected]
Subject: [FW-1] SecurID problems
From: Martins Jody <[email protected]>
Date: Tue, 5 Mar 2002 12:13:49 -0000
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

We are currently implementing remote access into a LAN using SecurID. There
is an intermittent problem occurring, where users are being disconnected or
not being authenticated at all. When snooping , I see the following (it
appears that the firewall is not replying);

10.X.X.X -> fw udp D=259 S=259 LEN=96
fw -> 10.X.X.X udp D=259 S=259 LEN=96
10.X.X.X -> fw udp D=500 S=500 LEN=224
10.X.X.X -> fw udp D=500 S=500 LEN=224
10.X.X.X -> fw udp D=500 S=500 LEN=224

I think this is the firewall not doing its part of the key exchange.

Our Firewall = V4.1 SP5


We see the following in fwd.elg also;

ISAKMP AddNegotiation: try to handle too many negotiations

We also see funcchain processes spawning others;

funcchain Unkown_1 1 0 au_auth_async_func_list:1

Bouncing the firewall appears to rectify the problem, yet the problem
re-occurs 10-15 mins later.

The client PC's just get the SecueClient "error connecting to firewall"
message. The Client software is SP2 3DES Build 4165.

Any ideas?

Regards,

Jody Martins
______________________________________________________
Network Security (Firewall) Engineer
ICL Network Services: Firewall Team
Solihull(SOL02)

*  Consort House : Princes Gate : 6 Homer Road : Solihull : B91 3SA : UK
e-mail:       [email protected]
*  Office:   +44 (0)This e-mail is intended only for the addressee named above. As this e-mail
may contain confidential or privileged information if you are not, or
suspect that you are not, the named addressee or the person responsible for
delivering the message to the named addressee, please telephone us
immediately. Please note that we cannot guarantee that this message or any
attachment is virus free or has not been intercepted and amended. The views
of the author may not necessarily reflect those of the Company.
                International Computers Limited, Registered in England no
96056, Registered Office 26, Finsbury Square, London, EC2A 1SL

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Prev by Date: [FW-1] AW: [FW-1] AW: [FW-1] SMTP server communication and "unknown esta blished TCP pac ket"
Next by Date: Re: [FW-1] HA on RedHat Linux
Previous by thread: [FW-1] AW: [FW-1] AW: [FW-1] SMTP server communication and "unknown esta blished TCP pac ket"
Next by thread: [FW-1] Basic question
Index(es):
- Date
- Thread