We have been having intermittent Help Desk calls from remote users complaining about "tunnel test failure" messages when dialing in for the last couple of weeks or so. It seemed to be affecting maybe 1 out of 20 users daily, and not every day, and would fix itself after a few hours without us doing anything.
Since we didn't know if it was a firewall problem because it affected only a few users and they were OK later in the day, but it had never happened before, I opened a case with Check Point just in case. They had no record of it from any other companies.
The logs showed it only affected people who either got timed out on their dial-in connection or kicked off, and only occurred if they dialed right back in. Sometimes it would clear itself if they dialed a different access number.
Tonight Check Point was able to duplicate the problem by connecting into their systems on their LAN and using a static IP. The tech changed his LAN IP in the middle of the session, which always causes the connection to drop, as it should. However, when he tried to connect back in with the new IP address, he got a tunnel test failure. Since dial-in users always get a new IP address, this was why it didn't affect broadband users.
He back-traced the problem to HotFix Accumulator 05 which has been out for a few months. The problem carried over into HFA06 and HFA07. We had the 06 and 07 hotfixes installed as they contain enhancements for the Edge boxes we're testing. We never were on HFA05.
Since we now know the problem is a firewall issue, Check Point recommended we back the Nokia back to our previous HFA level and leave the management station on HFA07.
If you filter on SmartView Tracker, VPN-1, Information, Contains "decrypted methods" (without the double quotes), you'll see if you also have this issue.
Thanks again to all of you who helped me wrestle with this problem,
Ray