This is a wild guess, but I have seen this before, and its well documented on the list. By any chance, have you defined the firewalls object with its internal IP address? The 10 minute thing is what gives this away....
Frank Darden Mission Critical Systems Check Point Premier, ATC, CSP 954-766-2550 -----Original Message----- From: Micha Borrmann [mailto:borrmann@;SYSS.DE] Sent: Tuesday, October 22, 2002 9:34 AM To: [EMAIL PROTECTED] Subject: [FW-1] encryption failure: Packet is dropped as there is no valid SA Hallo, I've a strange problem with one NG FP2 installation (running on Linux) and SecuRemote/SecureClient. After authentication with IKE everything is ok, but few minutes later the encrypted tunnel is dropped. This is after about 10 Minutes. I've seen only one entry in the logfile with a dropped packet, but no source and destination is written in the log. I see only "encryption failure: Packet is dropped as there is no valid SA" in the info field. In the SecureClients Diagnostics I've seen a similar entry too: "encryption failure:: Packet is dropped as there is no valid SA" I don't have an idea what I can do to solve this problem? Has anybody hints for this situation? Thanks, Micha Borrmann -- Micha Borrmann Tel: +49 7071 407856-16 Security Consultant Fax: +49 7071 407856-19 syss System Security handy: +49 173 51 228 67 Friedrich-Dannenmann-Str. 2 mail: [EMAIL PROTECTED] D-72070 Tuebingen http://www.syss.de/ Key fingerprint = CB95 DA11 6FC9 8B49 D3E7 BEF6 E6BD 9BCA CCE5 7720 ================================================= To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
