In my experience this kind of encryption message is telling me a packet
filtering device is getting in the way, in this case preventing UDP 500
and protocol 50 connections back to the SR / SC client, BUT you say this
worked ok before upgrading??
Have you tried it with an FP3 SC Client?
Do you have a rule which prevents NAT hide when internal networks speak
to IP Pool Networks?
Cheers
AnT
-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of
Reinhard Stich
Sent: 25 July 2003 11:08
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: Re: [FW-1] encryption fail reason: temporary unavailable
resources
hi,
any info about this error-message:
encryption fail reason: temporary unavailable resources
cheers
reinhard
At 09:54 05.05.2003 -0400, you wrote:
>I am having a problem after upgrading from 4.1 SP6 to NG FP3.
>
>The problem is that internal IP addresses can no longer access a VPN
>SecuRemote/SecureClient users. The error gets logged as
>"encryption fail reason: temporary unavailable resources"
>
>I am using IKE pre-shared secrets and IP NAT Pool and SecuRemote and
Secure
>Client 4.1 (SP5) and NG FP3. The firewall and management station are
both
>NG FP3...
>
>Most applications work except the ones that require a back connection.
I
>can replicate the problem by initiating a ping from Internal IP to
SR/SC IP
>NAT Pool address...
>
>So basically...
>If an internal user/application tries to ping/access the IP NAT Pool
address
>it will fail with error "encryption fail reason: temporary unavailable
>resources"
>But if internal ip tries to ping/access the address bound to
>SecuRemote/SecureClient NIC then it will work.
>
>Thanks
>T.
>
>=================================================
>To set vacation, Out-Of-Office, or away messages,
>send an email to LISTSERV AT amadeus.us.checkpoint DOT com
>in the BODY of the email add:
>set fw-1-mailinglist nomail
>=================================================
>To unsubscribe from this mailing list,
>please see the instructions at
>http://www.checkpoint.com/services/mailing.html
>=================================================
>If you have any questions on how to change your
>subscription options, email
>fw-1-owner AT ts.checkpoint DOT com
>=================================================
--
Reinhard Stich, ASSIST R.Stich AT internet-security DOT at
Internet Security AG, 1190 Wien, Nussdorfer Laende 29-33
Tel: +43 1 370 94 40 RS784-RIPE Fax: +43 1 370 94 40-10
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
