commnication with site xxx.xxx.xxx.xxx has failed

[smalldragoon]

Hi,
I have a problem with my gateway and I can not find where.
Today, some users called syaing that they can not get connected anymore : communication has failed ..
Th message is maybe a trick, as the problem is not on the com ?


Symptom :

try to update the site in the Securemote which already have the gw defined

-> Error : commnication with site xxx.xxx.xxx.xxx has failed

Try to create the site

-> error : commnication with site xxx.xxx.xxx.xxx has failed

So I tried from another computer and I have the same problem.

checking on others computers, I can not anymore get connected.
The GW is still running without any problem ( I restarted services as well. no chnages )

Is any has a clue for me ?
Thanks

[chillyjim]

This sounds like:

1. vpnd is not running
2. something up stream is blocking the connection
3. You have the implied rules turned off and don't have a manual rule for VPN

Quick check:

- Anything in the firewall log?

- from the gateway (assuming SPLAT) "ps -ef | grep -i vpn"
Look for VPNd

- From the command line on the gateway "vpn debug on"
then look at $FWDIR/log/vpnd.elg and see what's making it to the gateway.

[smalldragoon]

Hello
Sorry, I was not really precise.
so
- When I connect, I have only the line wiht the fw1_topo accepted, nothing else.

- I try to connect from the LAN, so nothing is blocking, and I ahve the same result

- vnpd is running :
root 4176 1 0 Feb07 ? 00:00:00 vpnd 0
root 4177 1 0 Feb07 ? 00:00:00 vpnd 0
root 4188 1 0 Feb07 ? 00:00:00 vpnd 0
root 17410 1 0 Feb16 ? 00:00:00 vpnd 0
root 10588 29629 0 09:34 ? 00:00:00 vpnd 0
root 10823 10799 0 09:47 pts/0 00:00:00 grep -i vpn

From another hand, The file is a new clue so :D
I have inside

[ 10953 1024]@bastion[1 Apr 9:52:04] ------------ VPND Starting: Tue Apr 1 09:52:04 2008

InvokeIsakmpServer: can't bind socket: Operation not permitted
InvokeIsakmpServer: can't bind socket: Operation not permitted
InvokeIsakmpServer: can't bind socket: Operation not permitted
InvokeIsakmpServer: can't bind socket: Operation not permitted
InvokeIsakmpServer: can't bind socket: Operation not permitted
InvokeIsakmpServer: can't bind socket: Operation not permitted

so, prob of rights ?

[chillyjim]

Have you tried a reboot?

Try a "netstat -an | grep 500" and see if something is bound to UDP/500 which is IKE.

[smalldragoon]

Hi,
the reboot was the solution, not because of the port, but for a license problem.
this GW is an old one which can not ( and must not ) be upgraded.
They pushed soem licences on all GW this WE.
With a cpstop/cpstart or restart : no problems.
After rebboting, I had all errors messages regarding licenses.
I reassigned the "old" license and everything came back in order
Thanks a lot for the help !!
Regards
Lionel