[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] VPN problems



No, not yet, because it is unpredictable; there is no way to tell when
the problem will occur.
I just happened to be on site once when it happened twice in one day. I
have known it work quite happily for 11 days. Approximately one week
seems to be an average, rather than "After 7 days exactly".
Unfortunately, the PDS has a *very* limited disk space, and on reboot
the logs are cleared (the management console is logging the CP logs) so
it is difficult to try & get any indication as to what the problem is.
Renegotiation problems is an idea though. I'll investigate a bit
further.

I think I'll have to set up syslog from the PDS onto another machine on
my network, and see if that will give me any help.

Thanks

Pete Dewell
"" wrote:
>
> I think IKE phase 1 keys expire after 1 week.  At least that is the default.
> It sounds like this might be a renegotiation problem.  Have you dumped
> traffic to catch this in the act?
>
> -Aaron
>
> -----Original Message-----
> From: Pete Dewell [mailto:[email protected]]
> Sent: Thursday, September 19, 2002 4:30 AM
> To: [email protected]
> Subject: [FW-1] VPN problems
>
> Hi,
>
> I have two sites, one running FW-1 4.1 on a Noia IP330, the other
> running NG on an Intrusion PDS 1105.
> There is a VPN set up between the two sites.
>
> Periodically, at intervals of approximately a week, the VPN on the NG
> (PDS 1105) box crashes. There is nothing that I can see in the logs that
> would indicate a problem, and other Internet access from the PDS is
> unaffected (HTTP/FTP etc is still OK). The PDS has a separate Management
> console.
>
> The only way round this (at the moment) is to reboot the PDS. This
> brings the VPN back up with no problems - for about another week.
>
> Any ideas?
>
> Pete Dewell
> --
>
> Technical Support/Analyst
> Volt Europe
> Tel    : (+44) (0) 1737 774100
> Fax    : (+44) (0) 1737 772949
> Mobile : (+44) (0)> E-mail  [email protected]
>
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================
>
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================

--

Technical Support/Analyst
Volt Europe
Tel    : (+44) (0) 1737 774100
Fax    : (+44) (0) 1737 772949
Mobile : (+44) (0)E-mail  [email protected]

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================