NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] VPN + Ping - Timeout on Winodws



Ping times are steady around 60 ms, both on the Linux and Windows platform.
The source is a host which is subject to NAT but the destination is the
Nokia FW itself (pinging the external if)

One problem we have is that the users might suddenly experience a drop in
their SAP clients. I thought that might be related to the ping issues on
Windows (if ping isn't working from Windows, maybe other traffic might
suffer as well - even though it's not ICMP).

But maybe we just have to write this ping issue of as another lacking
Windows TCP/IP stack implementation...

Thomas
-----Original Message-----
From: Dale Wilson [mailto:[email protected]]
Sent: 24. mai 2002 11:06
To: [email protected]
Subject: Re: [FW-1] VPN + Ping - Timeout on Winodws


Thomas,

What are the ping times like when pinging from the Linux box? Remember that
Windoze ping isn't very clever and will show any ping packet that isn't
returned within 1 second as a timeout even if the ping packet is later
received. Have you trying increasing the timeout from the Windoze machine
with ping -w <big number>?

Regards,
Dale

At 17:01 23/05/2002 -0400, you wrote:
>I've had this issue as well.. I have not been able to solve this problem.
>I've done tcpdumps and captures to no end.  I've replaced interfaces, etc.
>At the time, the machine was running 4.1 SP2 IPSO 3.2.1.  If anyone does
>solve this, I'd very much appreciate any info you could forward.  This has
>not affected anything other than the ability to ping the remote host.
>
>TIA,
>Alex
>
>-----Original Message-----
>From: Mehta, Phoram [mailto:[email protected]]
>Sent: Thursday, May 23, 2002 2:58 PM
>To: [email protected]
>Subject: Re: [FW-1] VPN + Ping - Timeout on Winodws
>
>
>you are correct russell.
>the part that is weird here is,  "we frequently get dropped
>packets()timeout) in-between"  I don't know why would firewall allow some
>packets and block some. it should be something else. do you use NAT?
>
>PKM
>
>-----Original Message-----
>From: Russell Washington [mailto:[email protected]]
>Sent: Thursday, May 23, 2002 11:50 AM
>To: [email protected]
>Subject: Re: [FW-1] VPN + Ping - Timeout on Winodws
>
>
>I don't have any solid ideas, but pings from a Windows box are ICMP, while
I
>believe that pings from a Linux/Unix box are UDP... correct me if I'm wrong
>on the Linux/Unix part guys.  Of course, that doesn't explain the vanishing
>ICMP directly, but it may give you a place to look.
>
>-----Original Message-----
>From: Thomas Nilsen [mailto:[email protected]]
>Sent: Thursday, May 23, 2002 2:38 AM
>To: [email protected]
>Subject: [FW-1] VPN + Ping - Timeout on Winodws
>
>
>We're running a VPN between a NG FP1 and 4.1 SP3, as well as NG FP1 to NG
>FP1.
>
>When doing pings to a NAT host on the 4.1 side from a Windows based
>PC/server, we frequently get dropped packets()timeout) in-between. However,
>doing the same from a Linux/unix hosts at the same time all the ping
packets
>will go through. Changing the packet size makes no difference.
>
>We also have this issue with NG to NG, but it is less frequently here.
>
>The main NG installation is based on W2K, while all others are run on nokia
>IP 110/330.
>
>I've enabled the MTUBlackhole detect on the Windows PCs, but it does not
>help on this problem.
>
>Anyone got any good ideas as to why this is and how to fix it?
>
>Regards,
>Thomas

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.