[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [FW-1] encryption failure: Packet is dropped as there is no valid SA
- To: [email protected]
- Subject: Re: [FW-1] encryption failure: Packet is dropped as there is no valid SA
- From: Frank Darden <[email protected]>
- Date: Tue, 22 Oct 2002 18:51:14 -0400
- Reply-To: Mailing list for discussion of Firewall-1 <[email protected]>
- Sender: Mailing list for discussion of Firewall-1 <[email protected]>
- Thread-Index: AcJ502ozUn+C89BqT5eHKfvpwUAtCAASePhQ
- Thread-Topic: [FW-1] encryption failure: Packet is dropped as there is no valid SA
This is a wild guess, but I have seen this before, and its well
documented on the list. By any chance, have you defined the firewalls
object with its internal IP address? The 10 minute thing is what gives
this away....
Frank Darden
Mission Critical Systems Check Point Premier, ATC, CSP-----Original Message-----
From: Micha Borrmann [mailto:[email protected]]
Sent: Tuesday, October 22, 2002 9:34 AM
To: [email protected]
Subject: [FW-1] encryption failure: Packet is dropped as there is no
valid SA
Hallo,
I've a strange problem with one NG FP2 installation (running on Linux)
and
SecuRemote/SecureClient. After authentication with IKE everything is ok,
but few minutes later the encrypted tunnel is dropped. This is after
about
10 Minutes. I've seen only one entry in the logfile with a dropped
packet,
but no source and destination is written in the log. I see only
"encryption failure: Packet is dropped as there is no valid SA" in the
info field.
In the SecureClients Diagnostics I've seen a similar entry too:
"encryption failure:: Packet is dropped as there is no valid SA"
I don't have an idea what I can do to solve this problem? Has anybody
hints for this situation?
Thanks,
Micha Borrmann
--
Micha Borrmann Tel: +49 7071 407856-16
Security Consultant Fax: +49 7071 407856-19
syss System Security handy: +49 173 51 228 67
Friedrich-Dannenmann-Str. 2 mail: [email protected]
D-72070 Tuebingen http://www.syss.de/
Key fingerprint = CB95 DA11 6FC9 8B49 D3E7 BEF6 E6BD 9BCA CCE5 7720
=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================