
Re: [FW-1] Checkpoint NG FP2 + PIX VPN Problem



In a previous job I had observed the following problem with CP when
using CP 4.1:

At session renegotiation, IKE requires the sending of an
IKE_DELETE_NOTIFY message, on completion of the successful negotiation
of a new set of IKE proposals and transforms. In the
trace, it seemed apparent that the Check Point host sent an
IKE_DELETE_NOTIFY before both ends had agreed a new set of session
proposals and transforms - this would lead to tunnel failure generally
on the IKE lifetime boundary.

Maybe having a shorter IKE lifetime at the Cisco end might improve the
situation?

Regards Derin
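
The ordering problem described in the message above, as an added example that is not part of the original thread: it scans an IKE event trace and flags a delete notification sent for a peer's last live SA while a rekey is still in progress. The event names and the trace layout are assumptions made for this example, not Check Point or PIX log output.

```python
# Constructed sample trace: "<seconds> <peer> <event> <sa-id>", grouped by peer.
# Event names and layout are hypothetical, not a real firewall log format.
SAMPLE_TRACE = """\
0     203.0.113.10 SA_ESTABLISHED sa1
86000 203.0.113.10 REKEY_START    sa2
86010 203.0.113.10 SA_ESTABLISHED sa2
86011 203.0.113.10 DELETE_SENT    sa1
0     198.51.100.7 SA_ESTABLISHED sa1
86000 198.51.100.7 REKEY_START    sa2
86002 198.51.100.7 DELETE_SENT    sa1
86010 198.51.100.7 SA_ESTABLISHED sa2
0     192.0.2.5    SA_ESTABLISHED sa1
500   192.0.2.5    DELETE_SENT    sa1
"""


def find_premature_deletes(trace):
    """Return deletes that left a peer with no SA while a rekey was pending."""
    live = {}         # peer -> set of SA ids currently established
    rekeying = set()  # peers with a negotiation started but not completed
    open_gaps = {}    # peer -> finding still waiting for a replacement SA
    findings = []
    for line in trace.splitlines():
        if not line.strip():
            continue
        t, peer, event, sa = line.split()
        t = int(t)
        sas = live.setdefault(peer, set())
        if event == "REKEY_START":
            rekeying.add(peer)
        elif event == "SA_ESTABLISHED":
            sas.add(sa)
            rekeying.discard(peer)
            gap = open_gaps.pop(peer, None)
            if gap is not None:
                gap["outage_s"] = t - gap["time"]  # time spent with no valid SA
        elif event == "DELETE_SENT":
            sas.discard(sa)
            # An ordinary teardown (no rekey pending) is not flagged.
            if peer in rekeying and not sas and peer not in open_gaps:
                finding = {"peer": peer, "sa": sa, "time": t, "outage_s": None}
                findings.append(finding)
                open_gaps[peer] = finding
    return findings


if __name__ == "__main__":
    for f in find_premature_deletes(SAMPLE_TRACE):
        print(f)
```

An `outage_s` of `None` means the trace ended before a replacement SA was established for that peer.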

-----Original Message-----
From: Yannick Lo Guidice [mailto:[email protected]]
Sent: 04 October 2002 17:29
To: [email protected]
Subject: Re: [FW-1] Checkpoint NG FP2 + PIX VPN Problem


Raghavendra B V <[email protected]> said:
Problem Description: The VPN works fine between checkpoint & Pix. Randomly
the connection drops & the vpn stops working. In this case I have to
reboot PIX (clear ipsec SA) every time. Once in 15-20 days it happens. The
log file of checkpoint says encryption failure: Packet is dropped as
there is no valid SA.
------

I have the same problem. But in my case, the VPN acts strangely: the
connection stops working after some time of inactivity... I have not
been able to find any reason for this. Apparently, making a traceroute
makes the VPN go up again...

--
Mr Lo

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================


