[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW1] Two Gateway VPN and Secure Remote


We have a two gateway VPN between sites but have encountered two
problems.

1)  If a user on the local lan at site A has site B defined in their
Secure Remote, they are requested to auth before connecting to site
B.  I specifically placed the VPN encryption rules before the client
encrypt rules but this has made no difference.

2)  Sessions across the VPN time out very quickly when idle.  I've
cranked up the tcp & udp timeout values in properties but this hasn't
made any difference.

Anyone encountered these problems or know how I can address them?

Cheers,

----
Jeff Newton
Unix Systems Administrator
PMC-Sierra Inc.

From bouncbot@ts.checkpoint.com  Tue Oct  5 14:06:00 1999
Return-Path: <bouncbot@ts.checkpoint.com>
Received: from ts.checkpoint.com (holly.ts.checkpoint.com [204.156.136.247])
	by us.checkpoint.com (8.9.3/8.9.3/CPoak/1.3.8) with ESMTP id OAA17180
	for <jwright@us.checkpoint.com>; Tue, 5 Oct 1999 14:05:59 -0700 (PDT)
Received: (from bouncbot@localhost)
	by ts.checkpoint.com (8.9.3/8.9.3/CPholly/1.0.1) id QAA24873
	for jwright@us.checkpoint.com; Tue, 5 Oct 1999 16:05:58 -0500 (CDT)
Received: from hale-bopp.ts.checkpoint.com (hale-bopp.ts.checkpoint.com [204.156.136.27])
	by ts.checkpoint.com (8.9.3/8.9.3/CPholly/1.0.1) with ESMTP id QAA24868
	for <bouncbot@holly.ts.checkpoint.com>; Tue, 5 Oct 1999 16:05:58 -0500 (CDT)
From: owner-fw-1-mailinglist@us.checkpoint.com
Received: from softwhisper.us.checkpoint.com (softwhisper.us.checkpoint.com [206.184.151.213])
	by hale-bopp.ts.checkpoint.com (8.9.3/8.9.3/CPmx/1.1) with ESMTP id QAA15219
	for <bouncbot@holly.ts.checkpoint.com>; Tue, 5 Oct 1999 16:05:57 -0500 (CDT)
Received: (from majordom@localhost)
	by softwhisper.us.checkpoint.com (8.9.3/8.9.3/CPsoftwhisper/1.2.3) id OAA17243;
	Tue, 5 Oct 1999 14:05:52 -0700 (PDT)
Date: Tue, 5 Oct 1999 14:05:52 -0700 (PDT)
Message-Id: <199910052105.OAA17243@softwhisper.us.checkpoint.com>
To: owner-fw-1-mailinglist@lists.us.checkpoint.com
Subject: BOUNCE fw-1-mailinglist@lists.us.checkpoint.com:    Non-member submission from [Evans <devans@revenue.state.il.us>]   
X-Loop: bouncbot
Status: RO
Content-Length: 3135
Lines: 70

>From bouncbot  Tue Oct  5 14:05:48 1999
Received: from hale-bopp.ts.checkpoint.com (hale-bopp.ts.checkpoint.com [204.156.136.27])
	by softwhisper.us.checkpoint.com (8.9.3/8.9.3/CPsoftwhisper/1.2.3) with ESMTP id OAA17239
	for <fw-1-mailinglist@lists.us.checkpoint.com>; Tue, 5 Oct 1999 14:05:44 -0700 (PDT)
Received: from revenue.state.il.us (mail.revenue.state.il.us [163.191.201.140])
	by hale-bopp.ts.checkpoint.com (8.9.3/8.9.3/CPmx/1.1) with SMTP id QAA15204
	for <fw-1-mailinglist@lists.us.checkpoint.com>; Tue, 5 Oct 1999 16:05:39 -0500 (CDT)
Received: from revenue.state.il.us (163.191.202.2)
	by revenue.state.il.us (Connect2-SMTP 4.31.01.0001667)
	for <fw-1-mailinglist@lists.us.checkpoint.com>; Tue, 5 Oct 1999 14:25:57 -0500
Message-ID: <37FA50F4.F893686@revenue.state.il.us>
Date: Tue, 05 Oct 1999 14:26:45 -0500
From: Evans <devans@revenue.state.il.us>
Organization: IL Dept Revenue
X-Mailer: Mozilla 4.61 [en] (Win95; U)
X-Accept-Language: en
MIME-Version: 1.0
To: fw-1-mailinglist@lists.us.checkpoint.com
Subject: System Locking Up
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Hello all, Hopefully someone out there can help me as I am on a sinking
ship. Ship vital signs are: Sun Ultra-1, 128m ram, Solaris 2.6,
Firewall-1 sp1, FDDI to our backbone, and a Quad FastEthernet for dmz's
and Internet connection.

For reasons unknown to me it just locks up completely, requiring a power
down/up. The only clues I can find are once I seen the monitor stating
failure to alloc buffer memory.... over and over... The other clue is
when this happens my log file dis-appears. It seems to happen about
every 5-6 hours, whereas, I had experienced it about once every ten
days. Not knowing what else might be of help I also included the output
of fw ctl pstat below
hmem kernel memory statistics:
Hash memory statistics
Total memory blocks allocated: 15
Total memory used 20060 bytes
Total number of items: 366
Total number of failed allocations: 0
Unused memory percentage: 68%
Detailed statistics according to item size:
Size  16:   Blocks:   1   Full blocks:   0   Nitems:    5 unused memory
99%
Size  20:   Blocks:   1   Full blocks:   0   Nitems:    2 unused memory
100%
Size  24:   Blocks:   1   Full blocks:   0   Nitems:   85 unused memory
51%
Size  32:   Blocks:   1   Full blocks:   0   Nitems:    3 unused memory
98%
Size  52:   Blocks:   2   Full blocks:   0   Nitems:   69 unused memory
57%
Size  60:   Blocks:   1   Full blocks:   0   Nitems:    9 unused memory
87%
Size  68:   Blocks:   4   Full blocks:   0   Nitems:  124 unused memory
49%
Size  76:   Blocks:   4   Full blocks:   0   Nitems:   69 unused memory
68%
Inspct: 735943 packets, 211452716 operations, 7883771 lookups, 77559
record, 67971407 extract
Cookies: 2730124 total, 0 alloc, 0 free, 0 dup, 2434508 get, 1035071
put, 5236322 len, 0 chain alloc, 0 chain free
Fragments: 76136 fragments, 1209 expired, 0 packets
Encryption: 0 encryption, 0 decryption, 0 short, 0 failures
Translation: 196480/1629327 forw, 221005/1634943 bckw, 417475 tcpudp, 10
icmp, 13337-13705 alloc

Any and all help gratefully accepted,
D Evans




================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================