[vpn] Problems with Ipsec over sonicwall and checkpoint

Ryan Malayter rmalayter at bai.org
Tue Dec 18 13:27:29 EST 2001


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

We've got a sonicwall Pro-VX connected to a Nokia Checkpoint FW-1
device via Ipsec using a shared secret. The tunnel seems to work
great, quite fast, but periodically (say, once a day) the tunnel comes
down for 15-20 minutes and then spntaneously comes back up. I have a
pinging script doing a keepalive, so I can record outages. I get
basically nothing to help diagnose the problem in the Sonicwall log,
and though I don't control the FW-1 end, they say they don't see
anything unusual there, either. All we see is the IKE renegotiation
when the tunnel comes back up.

I've been monitoring the connection carefully, and the intervals
between outages seem fairly random: 36, 7, 24, 13 hours, etc. So I
don't think it's a timeout issue. All other internet access on both
sides of the VPN is unaffected; only the VPN tunnel goes down.

Both devices have the latest firmware.

Basically, I don't know who to approach about this one - Sonicwall or
Checkpoint. Has anyone seen similar behavior on either device? I know
there were Ipsec problems with 4.x series Sonicwall firmware, but I
believe those were resolved. Sonicwall tech support has been
contacted, but no resolution yet.

Thanks for any help,
:::Ryan Malayter, MCSE
:::Bank Administration Institute
:::Chicago, Illinois, USA
- ---------------
"Men occasionally stumble over the truth, but most of them pick
themselves up and hurry off as if nothing had happened."
   -Sir Winston Churchill

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (MingW32) - GPGshell v2.10b19
Comment: For info see http://www.gnupg.org

iD8DBQE8H4pH9wZiZHyXot4RAq5NAKDJfaEkht+iPOsLLfNDdKJ4QNORQgCcCH0/
m17nVXRyQjXiGyha2zuuFho=
=66Pw
-----END PGP SIGNATURE-----

VPN is sponsored by SecurityFocus.com





More information about the VPN mailing list