I've heard something to the effect that the VPN memory allocation is limited (which causes the problem when there's a large number of VPNs) and there's a way to increase it. Is this true?
Matt ps... yes I know it's spelled 'daemon'. :) _____________________________________________________________________ On Tue, 7 Jan 2003, Zeltser, Roman wrote: > Aaron, can you post your cronjob script for killing this process? > > ********************************** > Roman Zeltser, > @National Computer Center, DNE > RS Information Systems > > > > -----Original Message----- > From: <Aaron Reynolds> [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 06, 2003 7:21 PM > To: [EMAIL PROTECTED] > Subject: Re: [FW-1] Problem with isakmp dameon > > > This is a widely known bug in SP6. I have been fighting it for almost 6 > months now, since first going to SP6. The current solution recommended by > Checkpoint/Nokia is to upgrade to NG, downgrade back to previous release, or > live with it. I currently have a cronjob that watches the CPU utilization > of the isakmpd daemon and kills it if it is over 70%. This has been > working, but is a pain when it happens in the middle of the day. I have > been doing some tests with killing it in the middle of the night, each > night, to see if I can eliminate the problem from occuring during the day. > Like with you, it happens with a policy push, or user database update. Ride > support hard, and pressure them for a fix! Let me know if you have any > other questions. > > -Aaron > > -----Original Message----- > From: Matt Rossiter [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 06, 2003 4:52 PM > To: [EMAIL PROTECTED] > Subject: [FW-1] Problem with isakmp dameon > > > I'm trying to figure out a problem with a Nokia firewall (IP650) running > FW Version 4.1 SP-6, Chrysalis-ITS LunaVPN PCI driver version 4.27, IPSO > 3.5. and has 320MB of memory > > The firewall currently has alot of VPN's to many different firewalls. > One of the problems I'm seeing is when pushing a policy, the ISAKMP dameon > will go into running mode and just hangs never returing to sleep > mode. Sometimes I've seen other firewalls start a second isakmp process > and cause problems. > > The only way to correct the problem is to kill the current process and > restart isakmpd. I was once told that this is because the VPN portion of > the firewall has run out of its allotment of memory and there is a way to > configure the firewall to correct this problem. I can also put more > memory into the firewall or reduce the number of VPNs. > > root 22976 0.1 4.2 21756 13488 ?? S 2:16PM 2:09.28 isakmpd (fw) > > > Has anyone else run into this problem? > > > Thanks, > > > Matt > > ================================================= > To set vacation, Out Of Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > > ================================================= > To set vacation, Out Of Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > > --- > Incoming mail is certified Virus Free. > Checked by AVG anti-virus system (http://www.grisoft.com). > Version: 6.0.434 / Virus Database: 243 - Release Date: 12/25/2002 > > > --- > Outgoing mail is certified Virus Free. > Checked by AVG anti-virus system (http://www.grisoft.com). > Version: 6.0.437 / Virus Database: 245 - Release Date: 1/6/2003 > > ================================================= > To set vacation, Out Of Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > ================================================= To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
