[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] urgent problem with FP3 VPNs

To: [email protected]
Subject: Re: [FW-1] urgent problem with FP3 VPNs
From: Xena Warrior <[email protected]>
Date: Fri, 20 Dec 2002 15:18:56 -0800
In-Reply-To: <C02017D0F509EB48A7947CD7CC022BA5141EFB@sansouci>
Reply-To: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

Is vpnd running on firewall?
If you perform a netstat -an is UDP port 500 listed?

Are you Nating connections between sites and not
supposed to?

Check Your encryption domain information very closely.
The HUB firewall is the common denominator....start
there.

HTH


--- Oral Mohan <[email protected]> wrote:
> All on the network side is fine. We've disabled the
> VPNs and are running
> traffic unencrypted over the Frame Relay network.
> The CP VPN engine does
> not even attempt to do a key exchange and that is
> the worrying factor.
>
>
>
> Regards,
>
> Oral
>
>
>
>
>
> -----Original Message-----
> From: Hal Dorsman [mailto:[email protected]]
> Sent: Friday, December 20, 2002 11:04 AM
> To: [email protected]
> Subject: Re: [FW-1] urgent problem with FP3 VPNs
>
>
>
> Did you confirm the integrity of your network?
> Troubleshoot it from the
> physical
>
> layer up, and be sure you aren't having any packet
> loss or corruption.
> You say
>
> VPN's are going down.  Look for network segments
> that the failing VPN's
> have
>
> in common.  Try other apps or diagnostic tools to
> confirm that your
> networks are
>
> functioning normally without the VPN's.
>
>
>
> Hal
>
>
>
> Hal Dorsman
> Network Administrator
> Rocky Mountain Elk Foundation
> Missoula, Montana USA
> [email protected]
>>
> -----Original Message-----
> From: Oral Mohan [mailto:[email protected]]
> Sent: Friday, December 20, 2002 4:36 AM
> To: [email protected]
> Subject: [FW-1] urgent problem with FP3 VPNs
>
> Gurus,
>
>
>
> I'm currently dealing with a very urgent situation
> where we've deployed
> over 50 sites with Check Point NG FP3/Nokia IPSO 3.6
> that interconnect
> with VPNs using 3DES IKE and VPN Communities (Star
> config). Yesterday
> morning, VPNs started "mysteriously" going down.
> Spoke Firewalls keep
> logging "Invalid SA" and (even after re-installing
> the software), won't
> even ATTEMPT to do a key exchange. We've engaged CP
> support and
> escalated, but any assistance to be had would be
> appreciated at this
> point.
>
>
>
> Regards,
>
> Oral Mohan
>
>


__________________________________________________
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

References:
- Re: [FW-1] urgent problem with FP3 VPNs
  - From: Oral Mohan <[email protected]>

Prev by Date: [FW-1] Cisco to Checkpoint VPN - My holiday wish
Next by Date: Re: [FW-1] Cisco to Checkpoint VPN - My holiday wish
Prev by thread: Re: [FW-1] urgent problem with FP3 VPNs
Next by thread: [FW-1] FP-3 VPN trouble (temporary unavailable resources)
Index(es):
- Date
- Thread