[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] FP-3 VPN trouble (temporary unavailable resources)

To: [email protected]
Subject: Re: [FW-1] FP-3 VPN trouble (temporary unavailable resources)
From: egonle <[email protected]>
Date: Tue, 24 Dec 2002 08:41:48 -0500
Reply-To: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

jimbo <[email protected]> wrote:

>guys, first of all, is the VPND process running on the module... ???
>
>


Hi,
vpnd is running, even IKE SAs *AND* IPSec SAs are established - that�s really weird behavior of NG-FP3. As I said with NG-FP2 the VPN setup was really fine.

Regards
Egonle

>
>
>
>-----Original Message-----
>From: Mailing list for discussion of Firewall-1
>[mailto:[email protected]]On Behalf Of
>Russell Washington
>Sent: 23 December 2002 16:46
>To: [email protected]
>Subject: Re: [FW-1] FP-3 VPN trouble (temporary unavailable resources)
>
>
>I doubt very seriously that the error you describe is caused by a DES vs
>3DES issue, especially considering that the proposed reason for dropping to
>DES is a restriction on the *other* (4.1SP3) firewall.
>
>I could be remembering incorrectly, but I believe I was supporting a 4.1
>firewall with more than a few 3DES tunnels that was on either SP0 or SP3 and
>we never ran into this kind of thing.  If the issue is tied to the combo of
>4.1 3DES vs FP3 3DES... that would indeed be interesting.
>
>I know nothing about Stonesoft so I can't answer your Q there, but I'd be
>looking at the NG box.  After all, it is the thing that changed and busted
>your VPN. :)
>---
>Russell Washington, CCSE, CCSA, NCSA
>Too many doggoned letters after my name.../
>
>
>----- Original Message -----
>From: "egonle" <[email protected]>
>To: <[email protected]>
>Sent: Monday, December 23, 2002 4:43 AM
>Subject: Re: [FW-1] FP-3 VPN trouble (temporary unavailable resources)
>
>
>Hi,
>
>thanks for any reply :-)
>Well, it is a site to site VPN configuration. Why should I use DES instead
>of 3DES? Is 3DES kind of broken in FP3?
>How about using a different algorithm?
>
>
>Regards,
>Egonle
>
>William Wang <[email protected]> wrote:
>
>>Egonle, I guess it should be a site to site VPN configuration. Please make
>sure you're using DES not 3DES as your Enryption algorithm. Your need to
>change it from your related rules manually because the default one is 3DES
>>
>>-----Original Message-----
>>From: egonle [mailto:[email protected]]
>>Sent: Friday, December 20, 2002 8:47 AM
>>To: [email protected]
>>Subject: [FW-1] FP-3 VPN trouble (temporary unavailable resources)
>>
>>
>>Hi,
>>
>>I'm running a VPN to another company. We've setup FP3-Hotfix1 (with
>stonesoft) the remote partner uses Checkpoint FW-1 4.1SP3.
>>
>>Until the upgrade to FP3 anything was just working fine however since our
>module runs FP3 IKE/IPSec SAs are established but after that the connection
>the our system is dropped. The info field of the drop is:
>>"dst scheme: NA, route status: temporary unavailable resources;" . Does
>anybody know/imagine what that should tell me?
>>I've switched on/off many options but none did change that error. Please
>help. Might it be a stonesoft (FC3.0) issue?
>>
>>Regards
>>Egonle
>
>=================================================
>To set vacation, Out Of Office, or away messages,
>send an email to [email protected]
>in the BODY of the email add:
>set fw-1-mailinglist nomail
>=================================================
>To unsubscribe from this mailing list,
>please see the instructions at
>http://www.checkpoint.com/services/mailing.html
>=================================================
>If you have any questions on how to change your
>subscription options, email
>[email protected]
>=================================================
>

__________________________________________________________________
The NEW Netscape 7.0 browser is now available. Upgrade now! http://channels.netscape.com/ns/browsers/download.jsp

Get your own FREE, personal Netscape Mail account today at http://webmail.netscape.com/

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Follow-Ups:
- Re: [FW-1] FP-3 VPN trouble (temporary unavailable resources)
  - From: jimbo <[email protected]>

Prev by Date: Re: [FW-1] No Encrypt option under Action tab?!?!
Next by Date: Re: [FW-1] FP-3 VPN trouble (temporary unavailable resources)
Prev by thread: Re: [FW-1] FP-3 VPN trouble (temporary unavailable resources)
Next by thread: Re: [FW-1] FP-3 VPN trouble (temporary unavailable resources)
Index(es):
- Date
- Thread