Hi all,
we have three offices using FW1 4.1 sp2 using IKE to tunnel back and forth
to each other. It's been working great for months. I've just added a fourth
in Atlanta, but the tunnel has been bouncing up and down; running for awhile
then quitting. The first time it came back by itself, but after that it's
taken a cycle of the FW1 service to get it working again. Nothing unusual in
the NT event logs, and the FW logs show a 'no response from peer. Scheme:
IKE' message. It seems to work for less time each time we do this; the first
time it ran for a couple of days, the last time it only worked for a half
hour or so.
I have all the machines getting time updates from ntp servers, all the IKE
parameters are exactly the same in the VPN props of each FW...
Checkpoint suggested rewriting the rules in the rulebase and adding a rule
at the top of the list saying 'all encyrption domains' - 'all encryption
domains' - ISAKMP - accept, but I'm a little skeptical...
Anyone seen anything similar or got any ideas? Thanks,
Ian
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
