Thanks for the inputs.

Logout exactly means suddenly their VPN connectivity breaks and they have to again log on to the server located in US. The version used is NG AI R55.

I have some doubt regarding Sequence Verifier in SmartDefense. Should I enable it, as Replay Attack indicates Sequence Number problem? But the same is also not enabled on Pune, where there is no logout activity.

Regards,
Anupam

-----Original Message-----
From: pkc_mls
To: [email protected]
Sent: 16/01/2007 14:20
Subject: Re: [FW-1] VPN issue between IP Clustering and VRRP

Anupam Gaur wrote:
> Hi all,
>
> Please Please Please help
>
> We are using Checkpoint configured on Nokia IP 350 in IP Clustering load
> sharing at our two locations Noida and Pune. Both the locations have their
> separate clusters with exactly the same hardware and same hot fix
> configurations.
>
> Both these locations have Site to Site VPN Connectivity with UK checkpoint
> which is configured on same Nokia IP 350 but with VRRP
>
>
Hi, do you have any NAT involved in your VPN traffic? Do you allow NAT-T?

> Now the problem is that at our Noida Location, the users going through VPN
> logout suddenly and this happened not with all users but with certain part
> like 70/300 logout. But there is no such logout at our Pune Location
>
>
> I have checked up the configurations on Both Noida and Pune, they are
> exactly same
>
> the errors are like:
> Encryption Failure : Possible Replay Attack
> TCP Packet out of state: RST Packet from server side of an old connection
>
>
What are the IPs for those SmartView Tracker log entries? That's strange because after the IKE, the SA should be okay so you'll have only ESP packets or UDP on port 500, so it could be interesting to have more details about those out of state.

> The same logs are in Pune Firewall but there is no logout in Pune
> please provide your valuable inputs
>
>
Do you have exactly the same OS/build number and the same checkpoint version/HFA? You can try to debug the VPN using "vpn debug trunk" on the UK site and on Noida site, then check the content of ike.elg site via ikeview.
> regards
> Anupam gaur
> Security Consultant
> EXL Services, Noida
>
> The information transmitted is intended only for the person or entity to
> which it is addressed and may contain confidential and/or privileged
> material. Any review, re-transmission, dissemination or other use of or
> taking of any action in reliance upon, this information by persons or
> entities other than the intended recipient is prohibited. If you received
> this in error, please contact the sender and delete the material from your
> computer. Microland takes all reasonable steps to ensure that its electronic
> communications are free from viruses. However, given Internet accessibility,
> the Company cannot accept liability for any virus introduced by this e-mail
> or any attachment and you are advised to use up-to-date virus checking
> software.
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to [EMAIL PROTECTED]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [EMAIL PROTECTED]
> =================================================
