
[FW-1] SecuRemote failures



I wrote last week about SecuRemote failing for about half of our employees.  We could see packets from the failing connections entering the firewall, but not leaving any of the interfaces.  No drops could be found in the log viewer.  A laptop that functioned at my house (over DSL) would not function on a dialup connection.

The problem was eventually traced to the IP NAT Pool being full.  It appears that the NAT associations never time out!  The employees that were still working were on static addresses at their homes, and their associations in the table allowed them to continue functioning.  Those coming in on dynamic addresses (like my laptop on dialup) were refused, as no new associations could be made.  We temporarily solved this problem by deleting all entries in the pool.  I need a more permanent solution, i.e. why don't the entries time out?  Any ideas?

An interesting experiment was to purge the pool while the dialled-in laptop ran ping -t to an internal machine.  Two packets were missed, but it then started right back up again.  This being the case, I am considering cron'ing the command to empty the pool to run each night at 2AM or something.  Any comments on this approach?

Thanks!

Jeff LaCoursiere
Infrastructure Specialist
T-Motion

   All contents © 2004 Network Presence, LLC. All rights reserved.