Re: [fw-wiz] VPN question

["Scott Pinzon" <Scott.Pinzon@watchguard.com>]

Just about everyone on this list is more qualified to answer than I am, but since I haven't seen any other replies, I'll take a stab at answering.

 

I don't know about the Pix specifically, but many firewalls have a Phase 2 setting that forces key expiration after a specified period of time. This is to make sure the tunnel is not sitting idle for long periods, susceptible to being abused. The symptoms you describe would be consistent with one end of the VPN tunnel having a different key expiration timing than the other end of the tunnel. It could be that one end of the tunnel is forcing expiration, then the two ends auto-negotiate a new tunnel... which is why the tunnel is down for five or ten minutes, then comes back.

 

Long story short, I'd try checking for compatible "force key expiration" settings on both ends of the tunnel.

Hope this helps!

 

Scott Pinzon, CISSP

WatchGuard Technologies

---

From: firewall-wizards-bounces@listserv.icsalabs.com [mailto:firewall-wizards-bounces@listserv.icsalabs.com] On Behalf Of Henderson, Bernadette
Sent: Monday, November 20, 2006 1:00 PM
To: firewall-wizards@listserv.icsalabs.com
Subject: [fw-wiz] VPN question

I have a home grown network in my office for clients to use.(Outside of my work network)  The problem is that the amount of persons using it is growing every time they come to my office for work for about a month straight then leave for 6 months. All of them want to connect back to their home office using the microsoft built in vpn client. They also now use a Pix firewall which I have no knowledge of but they do have a consultant who runs it for them. There are about ten users.

The dilemma I have is that about every 18 hours they all getting booted out of their vpn and say they cant get onto the internet. It lasts about 5 to ten minutes and about the time I get on the road to come in to see whats wrong, they are back up and running again. They are working night and day weekends too...

In my office I have a T1 going to a cisco router, to a linksys router for nat and then to and hp switch then piped over to the port in the room to netgear switchboxes at the conference room tables.

My network guys say the T1 is fine etc etc.. I cant really see much of anything from the linksys.  What should I be looking for to uncover what is booting them out and back up again so quickly? I called their tech guy to look at the firewall log and am waiting for feedback.

Thanks in advance

Bernadette

 
This e-mail is from Dechert LLP, a law firm, and may contain information that is confidential or privileged. If you are not the intended recipient, do not read, copy or distribute the e-mail or any attachments. Instead, please notify the sender and delete the e-mail and any attachments. Thank you.

_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards