[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] encryption fail reason: temporary unavailable resources
In my experience this kind of encryption message is telling me a packet filtering device is getting in the way, in this case preventing UDP 500 and protocol 50 connections back to the SR / SC client, BUT you say this worked ok before upgrading?? Have you tried it with an FP3 SC Client? Do you have a rule which prevents NAT hide when internal networks speak to IP Pool Networks? Cheers AnT -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[email protected]] On Behalf Of Reinhard Stich Sent: 25 July 2003 11:08 To: [email protected] Subject: Re: [FW-1] encryption fail reason: temporary unavailable resources hi, any info about this error-message: encryption fail reason: temporary unavailable resources cheers reinhard At 09:54 05.05.2003 -0400, you wrote: >I am having a problem after upgrading from 4.1 SP6 to NG FP3. > >The problem is that internal IP addresses can no longer access a VPN >SecuRemote/SecureClient users. The error gets logged as >"encryption fail reason: temporary unavailable resources" > >I am using IKE pre-shared secrets and IP NAT Pool and SecuRemote and Secure >Client 4.1 (SP5) and NG FP3. The firewall and management station are both >NG FP3... > >Most applications work except the ones that require a back connection. I >can replicate the problem by initiating a ping from Internal IP to SR/SC IP >NAT Pool address... > >So basically... >If an internal user/application tries to ping/access the IP NAT Pool address >it will fail with error "encryption fail reason: temporary unavailable >resources" >But if internal ip tries to ping/access the address bound to >SecuRemote/SecureClient NIC then it will work. > >Thanks >T. > >================================================= >To set vacation, Out-Of-Office, or away messages, >send an email to [email protected] >in the BODY of the email add: >set fw-1-mailinglist nomail >================================================= >To unsubscribe from this mailing list, >please see the instructions at >http://www.checkpoint.com/services/mailing.html >================================================= >If you have any questions on how to change your >subscription options, email >[email protected] >================================================= -- Reinhard Stich, ASSIST [email protected] Internet Security AG, 1190 Wien, Nussdorfer Laende 29-33 Tel: +43 1 370 94 40 RS784-RIPE Fax: +43 1 370 94 40-10 ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|