|
|
|
|
|
|
|
|
 |
 |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] VPN with FW-1 & FreeS/Wan
I remember a timeout similar to the one you're describing, but it wasn't taking place at predictable intervals. Consistent activitity across the VPN would keep it up for days, but idle time anywhere from 5-15-25 minutes would cause the symptoms you're experiencing. Once activity resumed, it took both endpoints a couple of seconds to resume the connection -- often times, this exceeded the timeout value of the connection and it would be dropped by the application. I was using v1.8 with CP2000 SP2 with PFS and no Agressive Mode. My experience was only in a lab -- I never could get it to run reliably enough to place into production. The bounce was handled manually. -peter On Fri, 12 Jan 2001, Thomas Nilsen wrote: > We've noticed that the FreeS/WAN tunnels will be shut down when I install a > new policy on the FW. The admin on the FreeS/WAN side is investigating this > further. It must be possible to get it to auto-create the tunnels whenever > one dies... How did you configure the bounce of FreeS/WAN ? > > The logs on FW-1 doesn't tell you much with regards to the VPN connections, > but the FreeS/WAN side is a lot better... if you know how to interpret it.. > > I've already had a look on frees/wan mailing list archive, but I couldn't > find anything similar to what we experience. Maybe I was searching with the > wrong words but... > > -----Original Message----- > From: Peter Lukas [mailto:[email protected]] > Sent: Friday, January 12, 2001 1:54 PM > To: Thomas Nilsen > Cc: [email protected] > Subject: Re: [FW1] VPN with FW-1 & FreeS/Wan > > > I noticed something similar where VPN connectivity would die whenever a > policy was installed. The only resolution there was to bounce FreeS/WAN > and retry the connection. > > Take a look at both logging mechanisms (the FreeS/WAN logs may be more > useful). You will also find a wealth of information on the FreeS/WAN > mailing list: > > http://www.nexial.com/cgi-bin/lipsec > > -peter > > On Fri, 12 Jan 2001, Thomas Nilsen wrote: > > > > > A client of us has been trying to set up a VPN with us using FreeS/WAN 1.5 > > on a Linux box. We used Fw-1/VPN v4.1 SP2. > > > > The VPN connection works fine, with just one rather annoying problem. We > are > > only able to connect to the intended host on the client side once every X > > minutes, where X is the settings of IKE Security Association under > > Properties -> Encryption. > > > > Connections from the client to a host on our side works as expected. > > > > Anyone got any experience with this, or any ideas on how to solve this > > issue? > > > > Regards, Thomas Nilsen > > Kverneland IT AS > > Global Services > > Tel: +44 1380 722361 Ext 201 - Mob: +44 (0)> > > > > > > > > ============================================================================ > ==== > > To unsubscribe from this mailing list, please see the instructions at > > http://www.checkpoint.com/services/mailing.html > > > ============================================================================ > ==== > > > ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|
||||||||||
 |
 |
 |
 |
 |
 |
 |
 |
 |
|
