Chris,
When
my W2k stops, it looses all connectivity. Only a reboot fixes
my problem. I already have the upgrade to NG in the office,
will try this as soon as a get a chance.
In
your case, don't upgrade your 4.0 fw to win2k. Instead get the
NG upgrade and migrate to win2k/NG. Checkpoint had ample time to
test NG against the win2k platform and it is very promising.
Laz
-----Original Message-----
From: Christopher Ferraro [mailto:[EMAIL PROTECTED]]
Sent: Thursday, October 25, 2001 6:14 PM
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] Firewall ErrorsMy win2k box has two intel server adaptersan onboard Intel 8255x-based PCI Ethernet Adapter (10/100)andan Intel(R) PRO/100+ Dual Port Server Adapterno DMZ in this officeit appears that the only similarity between our boxes are the OS, SP level and the checkpoint software.I don't have to reboot to fix my problem, however. Most of the time i get an alert on my pager and by the time i log on to the server, connectivity is restored.I have a couple of theories:1. Win2K and CP2K really don't play well together -- obviously the remedy to this would be to upgrade the CP install to NG2. CP 4.0 and CP2K IKE encryption methods are different and thus sometimes a communication failure occurs on VPNs between these dissimilar boxes.I have a question for you, though Laz. When your 2K box cannot reach your 4.0 (NT version) main office, can it reach the other remote offices that are running 2K ? I am prepared to upgrade my NT 4.0 CP4.0 box to CP2K, but not until i hear that it's more stable than the platform i'm running on.I've never had a problem with that firewall in the time i've been running it.Do you see any errors in the info field of your fw log when this occurs ? I still see encrypt and decrypt. it appears that only tcp packets are affected. udp packets pass fine on both ends. just tcp packets die on the remote end, and just the decrypt stage on the remote server. packets just never return.traceroutes on both fw's play out fine during this time.My main office can access resources at my remote office, but not vice versa, although packets are clearly seen to be passed successfully on both ends.CFChristopher A. Ferraro
Systems Engineer
Hubbard One
312.939.5000 x269
mobile: 312.286.8466
www.hubbardone.com-----Original Message-----
From: Rodriguez, Laz [mailto:[EMAIL PROTECTED]]
Sent: Thursday, October 25, 2001 11:03 AM
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] Firewall ErrorsOn my end it is always the Win2k, (Win2k sp2 with cp 4.1 sp4). A reboot it is the only way to fix this issue.It seems that just us two are having this problem, no body else is!I am using the 3c905C for the DMZCompaq Netelligent 10/100TX PCI for the External Net3Com EtherLink 10/100 PCI TX NIC (3C905B-TX) for the internal netWhat do you have?Laz-----Original Message-----
From: Christopher Ferraro [mailto:[EMAIL PROTECTED]]
Sent: Thursday, October 25, 2001 9:27 AM
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] Firewall Errorsi had this happen to me last night. no fw changes on either end of the VPN and my remote office (the side with the Win2K, CP2K) loses all connectivity to the main office. Meanwhile the main office can still access everything on their network.What SPs are you all running on your fw's. I've got SP5 on my 4.0 firewall and SP3 on my 2K firewall.Also, which end of your VPN loses connectivity ? For our setup, it is always the 2K side and never the 4.0 side.To fix the problem last night I:1. reinstalled the policy on both ends -- no result2. changed the shared secret -- no result3. rebooted the remote firewall -- connectivity restored 5 minutes post reboot.Hopefully together, we can nail down what's causing the issue and fix it.CFChristopher A. Ferraro
Systems Engineer
Hubbard One
312.939.5000 x269
mobile: 312.286.8466
www.hubbardone.com-----Original Message-----
From: Rodriguez, Laz [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, October 24, 2001 8:17 PM
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] Firewall ErrorsI get the same problem from time to time. I loose all connectivity and need to reboot!-----Original Message-----
From: Jerris, Michael [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, October 24, 2001 5:12 PM
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] Firewall ErrorsStill have not, although it seems to be working we have had some intermitant problems with losing all conectivity... Not sure if it is related.Mike-----Original Message-----
From: Rodriguez, Laz [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, October 24, 2001 9:47 AM
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] Firewall ErrorsHow did you fixed the problem?-----Original Message-----
From: Jerris, Michael [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, October 23, 2001 3:26 PM
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] Firewall ErrorsHad the problem on 2 different machines with different NIC's all using standard win2k drivers.-----Original Message-----
From: Zeltser, Roman [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, October 23, 2001 1:26 PM
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] Firewall ErrorsI would check the NIC driver for Win2K as well as would try to replace the card**********************************
Roman Zeltser,
@National Computer Center, DNE
RS Information Systems
-----Original Message-----
From: Rodriguez, Laz [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, October 23, 2001 10:37 AM
To: [EMAIL PROTECTED]
Subject: [FW-1] Firewall ErrorsHelp, I was wondering if anyone out there has had the same issues as me.
After we migrated from NT4.0 fw 4.1 to Windows 2000 server fw 4.1 on our firewall, the following error is coming out on the event viewer every second.
I have applied service pack 3 and 4 and the error keep coming.
FW1: ndis_allocate_packet: Cannot allocate new packets
Can anyone give me a few pointers as to where to look!
Thanks
Laz
