
Re: [FW-1] AW: [FW-1] ipsec between cisco1720 and NG FP1 running on solaris8



Wow that bug looks like fun :-(

Thx for the link.  I wonder if this is posted anywhere that doesn't require
reseller or support contract access, for the folks here who don't have it?

-----Original Message-----
From: Thomas Snor [mailto:[email protected]]
Sent: Thursday, June 13, 2002 1:55 PM
To: [email protected]
Subject: [FW-1] AW: [FW-1] ipsec between cisco1720 and NG FP1 running on
solaris8


I spoke with a technical guy from Checkpoint today. There are some bugs in
VPN1 FP1. It is recommended to use FP2!!! There is also a bug in the Cisco IOS:
http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCdt53884

When the phase 2 keys are generated anew after 1800 sec., I get the error message.
Nice to troubleshoot :-(
Regards, Thomas

-----Original Message-----
From: Russell Washington [mailto:[email protected]]
Sent: Thursday, June 13, 2002 17:55
To: [email protected]
Subject: Re: [FW-1] ipsec between cisco1720 and NG FP1 running on solaris8


Phase 1 and Phase 2 lifetimes are separate and distinct, on both sides.  Are
you saying that all four (phase 1 Cisco, phase 2 Cisco, phase 1 Checkpoint,
phase 2 Checkpoint) are set to 1800?

This has all the marks of a lifetime issue, i.e., one side isn't set to the
same thing as the other, so when the device with the shorter renegotiation
time kills its SA, the thing goes south.

-----Original Message-----
From: Thomas Snor [mailto:[email protected]]
Sent: Thursday, June 13, 2002 2:52 AM
To: [email protected]
Subject: [FW-1] ipsec between cisco1720 and NG FP1 running on solaris8


Hello,
I have some trouble with my IPsec between the following devices:
CP FW1 NG FP1 -> Cisco 1720 running IOS c1700-k9o3sy-mz.122-7c.bin
The tunnel is working fine, but after one hour it starts to have problems.

On the CP side I see the following log:
encryption failure: packet is dropped as there is no valid SA

On the Cisco side:
IKE message from X.X.X.X failed its sanity check or is malformed

Security association lifetime: 1800 on both sides
hope someone can help me
thx
Thomas

Network Operations Center ..................................................
VIANET - THE INTERNET COMPANY

VIANET Telekommunikations AG  Tel +43-1-40 40 20
Mariannengasse 14              Fax +43-1-40 40 240
A-1090 Vienna
Austria

mailto:[email protected]
Web:   http://www.vianet.at
..................................................

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
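
The four-way lifetime comparison asked for in the reply above, as an added example that is not part of the original thread. It assumes the Check Point side is read off by hand, with the IKE (phase 1) renegotiation time in minutes and the IPsec (phase 2) time in seconds; the IOS excerpt, peer address and function names are constructed for illustration, and the parser handles a single ISAKMP policy and crypto map.

```python
import re

# Cisco IOS defaults, which apply when the command is absent from the config.
IOS_DEFAULT_PHASE1_S = 86400   # crypto isakmp policy: lifetime
IOS_DEFAULT_PHASE2_S = 3600    # crypto ipsec security-association lifetime seconds

# Constructed IOS excerpt: phase 2 is set to 1800 s, phase 1 is left at default.
SAMPLE_IOS = """\
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
crypto ipsec security-association lifetime seconds 1800
crypto map VPN 10 ipsec-isakmp
 set peer 192.0.2.1
"""

def ios_lifetimes(config):
    """Return the effective phase 1 / phase 2 lifetimes (seconds) on the IOS side."""
    phase1, phase2 = IOS_DEFAULT_PHASE1_S, IOS_DEFAULT_PHASE2_S
    in_policy = False
    for line in config.splitlines():
        if not line.startswith(" "):            # a new top-level command
            in_policy = line.startswith("crypto isakmp policy")
        m = re.match(r"\s*lifetime (\d+)$", line)
        if in_policy and m:                     # explicit phase 1 lifetime
            phase1 = int(m.group(1))
        m = re.search(r"security-association lifetime seconds (\d+)", line)
        if m:                                   # global value or crypto-map override
            phase2 = int(m.group(1))
    return {"phase1": phase1, "phase2": phase2}

def lifetime_mismatches(ios_config, cp_ike_minutes, cp_ipsec_seconds):
    """Compare both phases; return {phase: (ios_seconds, checkpoint_seconds)}."""
    ios = ios_lifetimes(ios_config)
    cp = {"phase1": cp_ike_minutes * 60, "phase2": cp_ipsec_seconds}
    return {ph: (ios[ph], cp[ph]) for ph in ("phase1", "phase2") if ios[ph] != cp[ph]}

if __name__ == "__main__":
    # Constructed Check Point values: IKE every 30 minutes, IPsec every 1800 seconds.
    for phase, (ios_s, cp_s) in lifetime_mismatches(SAMPLE_IOS, 30, 1800).items():
        print(f"{phase}: IOS {ios_s} s vs Check Point {cp_s} s")
```

With the constructed values, phase 2 agrees at 1800 seconds on both sides while phase 1 does not, which is the case where "1800 on both sides" is true for only one of the two phases.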




 
   All contents © 2004 Network Presence, LLC. All rights reserved.