Anupam Gaur a écrit :
hai all,
Please Please Please help
We are using Checkpoint configured on Nokia IP 350 in IP Clustering load
sharing at our two loactions Noida and Pune. Both the locations have their
separate clusters with exactly the same hardware and same hot fix
configurations.
Both these locations have Site to Site VPN Connectivity with UK checkpoint
which is configured on same Nokia IP 350 but with VRRP
hi,
do you have any nat involved in your VPN traffic ?
do you allow NAT-T ?
now the problem is that at our Noida Location , the users going through VPN
logout suddenly and this happened not with all users but with certain part
like 70/300 logout. but there is no such logout at our Pune Location
i have checked up the configurations on Both Noida and Pune , they are
exactly same
the errors are like :
Encryption Failure : Possible Replay Attack
TCP Packet out of state: RST Packet from server side of an old connection
what are the IPs for those smartview tracker log entries ?
that's strange because after the IKE, the SA should be okay so you'll
have only ESP packets
or UDP on port 500, so it could be interesting to have more details
about those out of state.
The same logs are in pune Firewall but there is no logout in pune
please provide your valuable inputs
Do you have exactly the same OS/build number and the same checkpoint
version/HFA ?
you can try to debug the vpn using "vpn debug trunk" on the UK site and
on Noida site, then check the content
of ike.elg site via ikeview.
regards
Anupam gaur
Security Consultant
EXL Services, Noida
The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential and/or privileged
material. Any review, re-transmission, dissemination or other use of or
taking of any action in reliance upon, this information by persons or
entities other than the intended recipient is prohibited. If you received
this in error, please contact the sender and delete the material from your
computer. Microland takes all reasonable steps to ensure that its electronic
communications are free from viruses. However, given Internet accessibility,
the Company cannot accept liability for any virus introduced by this e-mail
or any attachment and you are advised to use up-to-date virus checking
software.
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
___________________________________________________________________________
Yahoo! Mail réinvente le mail ! Découvrez le nouveau Yahoo! Mail et son interface révolutionnaire.
http://fr.mail.yahoo.com
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
