CPUG
The Check Point User Group
A Resource For The Check Point Community. Fast. Useful. Independent.
We have a Nokia VRRP cluster, running R61 HFA01, with IPSO 4.1 B022. Our clients are attempting to use a Cisco VPN (software) client (4.6+) to connect to remote (offsite) vendors. Our clients are behind a manual hide NAT.

The client will connect, and everything will work for about one to two minutes, then they will get disconnected. The client mentioned that their VPN worked until a few weeks ago. This is when we switched from a standalone Nokia to a VRRP cluster.

The rule to allow Cisco VPN out is:

Source: Secure Network (10.x)
Dest: Remote Cisco VPN concentrator(s)
Service: IKE (UDP500), IKE_NAT_TRAVERSAL (UDP4500)
Action: Accept
Track: Log

In tracker, I see the IKE session go out OK. Then I see the remote server, some time later, try to reply via a UDP4500 connection to the NAT address, which goes straight into the Cleanup Rule.

According to all of the documentation, and all the FW-1 emails I can find on Google, the configuration above is correct.