I am not so sure that it has anything to do with the number of vpns. I have an IP120, that terminates to our corporate firewall. It has no other vpns beside this one, no securemote users, or anything else. It's isakmpd daemon has failed as well, shortly after pushing a policy.
-Aaron -----Original Message----- From: Matt Rossiter [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 07, 2003 8:43 AM To: [EMAIL PROTECTED] Subject: Re: [FW-1] Problem with isakmp dameon I've heard something to the effect that the VPN memory allocation is limited (which causes the problem when there's a large number of VPNs) and there's a way to increase it. Is this true? Matt ps... yes I know it's spelled 'daemon'. :) _____________________________________________________________________ On Tue, 7 Jan 2003, Zeltser, Roman wrote: > Aaron, can you post your cronjob script for killing this process? > > ********************************** > Roman Zeltser, > @National Computer Center, DNE > RS Information Systems > > > > -----Original Message----- > From: <Aaron Reynolds> [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 06, 2003 7:21 PM > To: [EMAIL PROTECTED] > Subject: Re: [FW-1] Problem with isakmp dameon > > > This is a widely known bug in SP6. I have been fighting it for almost 6 > months now, since first going to SP6. The current solution recommended by > Checkpoint/Nokia is to upgrade to NG, downgrade back to previous release, or > live with it. I currently have a cronjob that watches the CPU utilization > of the isakmpd daemon and kills it if it is over 70%. This has been > working, but is a pain when it happens in the middle of the day. I have > been doing some tests with killing it in the middle of the night, each > night, to see if I can eliminate the problem from occuring during the day. > Like with you, it happens with a policy push, or user database update. Ride > support hard, and pressure them for a fix! Let me know if you have any > other questions. > > -Aaron > > -----Original Message----- > From: Matt Rossiter [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 06, 2003 4:52 PM > To: [EMAIL PROTECTED] > Subject: [FW-1] Problem with isakmp dameon > > > I'm trying to figure out a problem with a Nokia firewall (IP650) running > FW Version 4.1 SP-6, Chrysalis-ITS LunaVPN PCI driver version 4.27, IPSO > 3.5. and has 320MB of memory > > The firewall currently has alot of VPN's to many different firewalls. > One of the problems I'm seeing is when pushing a policy, the ISAKMP dameon > will go into running mode and just hangs never returing to sleep > mode. Sometimes I've seen other firewalls start a second isakmp process > and cause problems. > > The only way to correct the problem is to kill the current process and > restart isakmpd. I was once told that this is because the VPN portion of > the firewall has run out of its allotment of memory and there is a way to > configure the firewall to correct this problem. I can also put more > memory into the firewall or reduce the number of VPNs. > > root 22976 0.1 4.2 21756 13488 ?? S 2:16PM 2:09.28 isakmpd (fw) > > > Has anyone else run into this problem? > > > Thanks, > > > Matt > > ================================================= > To set vacation, Out Of Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > > ================================================= > To set vacation, Out Of Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > > --- > Incoming mail is certified Virus Free. > Checked by AVG anti-virus system (http://www.grisoft.com). > Version: 6.0.434 / Virus Database: 243 - Release Date: 12/25/2002 > > > --- > Outgoing mail is certified Virus Free. > Checked by AVG anti-virus system (http://www.grisoft.com). > Version: 6.0.437 / Virus Database: 245 - Release Date: 1/6/2003 > > ================================================= > To set vacation, Out Of Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > ================================================= To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
