This is a widely known bug in SP6. I have been fighting it for almost 6 months now, since first going to SP6. The current solution recommended by Checkpoint/Nokia is to upgrade to NG, downgrade back to previous release, or live with it. I currently have a cronjob that watches the CPU utilization of the isakmpd daemon and kills it if it is over 70%. This has been working, but is a pain when it happens in the middle of the day. I have been doing some tests with killing it in the middle of the night, each night, to see if I can eliminate the problem from occuring during the day. Like with you, it happens with a policy push, or user database update. Ride support hard, and pressure them for a fix! Let me know if you have any other questions.
-Aaron -----Original Message----- From: Matt Rossiter [mailto:[EMAIL PROTECTED]] Sent: Monday, January 06, 2003 4:52 PM To: [EMAIL PROTECTED] Subject: [FW-1] Problem with isakmp dameon I'm trying to figure out a problem with a Nokia firewall (IP650) running FW Version 4.1 SP-6, Chrysalis-ITS LunaVPN PCI driver version 4.27, IPSO 3.5. and has 320MB of memory The firewall currently has alot of VPN's to many different firewalls. One of the problems I'm seeing is when pushing a policy, the ISAKMP dameon will go into running mode and just hangs never returing to sleep mode. Sometimes I've seen other firewalls start a second isakmp process and cause problems. The only way to correct the problem is to kill the current process and restart isakmpd. I was once told that this is because the VPN portion of the firewall has run out of its allotment of memory and there is a way to configure the firewall to correct this problem. I can also put more memory into the firewall or reduce the number of VPNs. root 22976 0.1 4.2 21756 13488 ?? S 2:16PM 2:09.28 isakmpd (fw) Has anyone else run into this problem? Thanks, Matt ================================================= To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
