Re: [FW-1] [FW1] Strange problem with Site-to-Site VPN

Subject:	Re: [FW-1] [FW1] Strange problem with Site-to-Site VPN
From:	cisco4ng <cisco4ng AT YAHOO DOT COM>
To:	FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date:	Fri, 26 May 2006 04:10:53 -0700

1) make sure you run the latest code on the VPN concentrator.
   
  2) make sure you enable "iskamp keepalive on the concentrator"
   
  yes, I've seen this issue many times.  It calls VPN interaoperability issue 
between
  vendors.

Chontzopoulos Dimitris <dchontzo AT ABC DOT GR> wrote:
  Hey Gurus,

I've been having one extremely strange problem with a Site-to-Site VPN.

The VPN is being established via a Leased-Line (not over the Internet) between 
our Firewall (Check Point Firewall-1/VPN-1 R55W AI)
and a CiSCO VPN Concentrator 3000 on the Client Side. What happens is that if 
the line between us goes down for a reason, our side
fails to identify that, so, it keeps encrypting the data without re-negotiating 
for new keys. The only way for the VPN to be
re-established is to manually clear my keys through "vpn tu" and then send then 
some traffic. After that, the VPN goes up again.

Now, I've never seen this happen before and I've got no problems at all with 
the rest of my remaining 40+ Site-to-Site VPN's with
other Clients through the Internet. This issue only happens with them. I also 
have 2 additional VPN's with other CiSCO VPN
Concentrator(s) 3000 without any problems.

Has anyone seen this before? Is there something I can do?

Cheers,


Dimitris

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================


                
---------------------------------
Ring'em or ping'em. Make  PC-to-phone calls as low as 1¢/min with Yahoo! 
Messenger with Voice.

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================

<Prev in Thread]	Current Thread	[Next in Thread>
[FW-1] [FW1] Strange problem with Site-to-Site VPN, Chontzopoulos Dimitris Re: [FW-1] [FW1] Strange problem with Site-to-Site VPN, cisco4ng <= Re: [FW-1] [FW1] Strange problem with Site-to-Site VPN, Chontzopoulos Dimitris Re: [FW-1] [FW1] Strange problem with Site-to-Site VPN, cisco4ng Re: [FW-1] [FW1] Strange problem with Site-to-Site VPN, Chontzopoulos Dimitris

Previous by Date:	[FW-1] [FW1] Strange problem with Site-to-Site VPN, Chontzopoulos Dimitris
Next by Date:	Re: [FW-1] mac address, Ramki Security
Previous by Thread:	[FW-1] [FW1] Strange problem with Site-to-Site VPN, Chontzopoulos Dimitris
Next by Thread:	Re: [FW-1] [FW1] Strange problem with Site-to-Site VPN, Chontzopoulos Dimitris
Indexes:	[Date] [Thread] [Top] [All Lists]