Dear all, thanks for your answers. > Ian: An easy fix would be to use a connection keep alive tool so the DSL > connection doesn't disconnect. You could script this tool to only be > active when connecting to the company LAN.
Good idea. > Hal: A DSL WAN should not be dropping like this. My router drops, because of idle time. I don't have a flatrate > Hal: An alternative would be to get a static IP usually available for a nominal additional cost. That's true > Ray: If you're running R55 HFA05 through HFA08 on the gateway and SmartView Tracker is showing a "VPN Error Code 03", ... I'll have a look on that > Ray: It's also "fixed" by simply waiting fifteen minutes or longer from the time of the disconnect before trying to reconnect. I remember that too. You are right I think. Best regards Juergen -----Urspr�ngliche Nachricht----- Von: Hal Dorsman [mailto:[EMAIL PROTECTED] Gesendet: Mittwoch, 6. Oktober 2004 20:42 An: [EMAIL PROTECTED] Betreff: Re: [FW-1] SecuRemote NG - R56, Build: 269 using DSL with dynamic WAN adress es This is correct, a keepalive would keep the connection up, but you might want to talk to your ISP instead. A DSL WAN should not be dropping like this. You don't mention the hardware or protocol used, but there may be a setting in the router to disable drops on idle. An alternative would be to get a static IP usually available for a nominal additional cost. This is a networking issue and a VPN is not going to work in this setup. Ask your provider if there is a solution from their end. Hal > An easy fix would be to use a connection keep alive tool so the DSL > connection doesn't disconnect. You could script this tool to only be > active when connecting to the company LAN. > > I think the problem is occurring because the topology used in the > original handshake has changed. > > > Hope it helps > > Ian > > -----Original Message----- > From: Mailing list for discussion of Firewall-1 > [mailto:[EMAIL PROTECTED] On Behalf Of > "Fischer, J�rgen, 3414" > Sent: 06 October 2004 13:06 > To: [EMAIL PROTECTED] > Subject: [FW-1] SecuRemote NG - R56, Build: 269 using DSL with dynamic > WAN adress es > > Dear all, > > we have encontered the following problem: > Situation: > - A PC with SecureRemote installed in a private LAN behind a > DSL-Router > - DSL router provides the PC with an IP-adress via DHCP (192.168.x.x) > - If access to the company-LAN is requested (via public internet) the > DSL-router connects to the ISP > - The DSL router receives a dynamic IP-adress from the ISP > - The SecureRemote Client on the PC connetcs to the Company Checkpoint > Firewall and authenticates. > > So far so good. > > Now the problem: > - After 15 minutes idle time the router disconnects from the internet > (normal router timeout) > > - The PC now requests a connection to the company-LAN again > - The DSL-router (re)connects to the ISP > - The DSL router receives a dynamic IP-adress from the ISP (normaly > another one than the first time) > > Now we have the problem that it is n_o_t possible to connect to the > company LAN. (The requests, e.g. ping <LAN-adress> time out) > > Only stopping and restarting the SecureRemote client fixes the > problem. > - The client reauthenticates with the company Checkpoint Firewall and > the client can connect to the LAN again. > > From my pov the problem is the changed IP-adress of the DSL router's > WAN interface. > > Is that a known problem ? > Is there a solution for that ? > > Best regards > > Juergen Fischer > > > ================================================= > To set vacation, Out-Of-Office, or away messages, send an email to > [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your subscription options, > email [EMAIL PROTECTED] > ================================================= > > ================================================= > To set vacation, Out-Of-Office, or away messages, send an email to > [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your subscription options, > email [EMAIL PROTECTED] > ================================================= > ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
