[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW-1] AW: [FW-1] ipsec between cisco1720 and NG FP1 running on solaris8
I spoke with an technical guy from Checkpoint today. There are some bugs in VPN1 FP1. It is recommended to use FP2!!! Also in the Cisco IOS is a bug http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCdt53884 When phase2 keys will generated new after 1800 sec. I get the error message nice to troubleshoot :-( regards thomas -----Ursprüngliche Nachricht----- Von: Russell Washington [mailto:[email protected]] Gesendet: Donnerstag, 13. Juni 2002 17:55 An: [email protected] Betreff: Re: [FW-1] ipsec between cisco1720 and NG FP1 running on solaris8 Phase 1 and Phase 2 lifetimes are separate and distinct, on both sides. Are you saying that all four (phase 1, Cisco, phase 2, Cisco, phase 1, Checkpoint, phase 2, Checkpoint) are set to 1800? This has all the marks of a lifetime issue, i.e., one side isn't set to the same thing as the other, so when the device with the shorter renegotiation time kills its SA, the thing goes south. -----Original Message----- From: Thomas Snor [mailto:[email protected]] Sent: Thursday, June 13, 2002 2:52 AM To: [email protected] Subject: [FW-1] ipsec between cisco1720 and NG FP1 running on solaris8 hello, I have some troubles with my ipsec between the following devices: CP FW1 NG FP1 -> Cisco 1720 running ios c1700-k9o3sy-mz.122-7c.bin tunnel is working fine, but after one hour it starts to make problems on cp side I see the following log: encryption falilure: packet is dropped as there is no valid SA on the Cisco side IKE message from X.X.X.X failed its sanity check or is malformed Security association lifetime: 1800 on both sides hope someone can help me thx Thomas Network Operations Center .................................................. VIANET - THE INTERNET COMPANY VIANET Telekommunikations AG Tel +43-1-40 40 20 Mariannengasse 14 Fax +43-1-40 40 240 A-1090 Vienna Austria mailto:[email protected] Web: http://www.vianet.at .................................................. ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|