This
is generally caused by exceeding the amount of SA negotiations that a particular
processor can perform. You usually can solve this by enabling Subnet
negotiations in the VPN properties window of IKE. Another thing that can improve
negotiations is the VPN accelleration card you can pick up from a Check Point
VAR.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Larry Pingree
Sr. Security Engineer/Check Point Instructor
CCSA, CCSE, CCSI, ICE, ICI, NSA
Website: http://www.SiegeWorks.com
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED]
Sent: Monday, August 20, 2001 5:20 AM
To: [EMAIL PROTECTED]
Subject:Hi lister,
I have the same error: FireWall-1: InvokeIsakmpServer: can't bind socket: Incorrect function as Jeff Blada posted on the 17th email. We also run NT4.0, sp6 with CP FW1 4.1, IKE VPN. The error only shows on one of my subsidiary's FW. Every time when it shows, the FW stop working and I have to reboot the FW. Then everything comes back fine. I checked phoneboy but nothing comes up. Does anyone have an idea? Thanks for any help. Really appreciate.Best Regards,
Chi-lien Lee
Sr. System Administrator
Zymark Corporation
