Just about everyone on this list is more qualified to answer than I am,
but since I haven't seen any other replies, I'll take a stab at
answering.
I don't know about the Pix specifically, but many firewalls have a Phase
2 setting that forces key expiration after a specified period of time.
This is to make sure the tunnel is not sitting idle for long periods,
susceptible to being abused. The symptoms you describe would be
consistent with one end of the VPN tunnel having a different key
expiration timing than the other end of the tunnel. It could be that one
end of the tunnel is forcing expiration, then the two ends
auto-negotiate a new tunnel... which is why the tunnel is down for five
or ten minutes, then comes back.
Long story short, I'd try checking for compatible "force key expiration"
settings on both ends of the tunnel.
Hope this helps!
Scott Pinzon, CISSP
WatchGuard Technologies


________________________________

From: firewall-wizards-bounces@listserv.icsalabs.com
[mailto:firewall-wizards-bounces@listserv.icsalabs.com] On Behalf Of
Henderson, Bernadette
Sent: Monday, November 20, 2006 1:00 PM
To: firewall-wizards@listserv.icsalabs.com
Subject: [fw-wiz] VPN question
I have a home-grown network in my office for clients to
use (outside of my work network). The problem is that the number of
people using it is growing; every time they come to my office for work,
they stay for about a month straight and then leave for 6 months. All of
them want to connect back to their home office using the Microsoft
built-in VPN client. They also now use a PIX firewall, which I have no
knowledge of, but they do have a consultant who runs it for them. There
are about ten users.

The dilemma I have is that about every 18 hours they all get
booted out of their VPN and say they can't get onto the internet. It
lasts about 5 to ten minutes, and about the time I get on the road to
come in to see what's wrong, they are back up and running again. They
are working night and day, weekends too...

In my office I have a T1 going to a Cisco router, to a Linksys
router for NAT, and then to an HP switch, then piped over to the port in
the room to Netgear switchboxes at the conference room tables.

My network guys say the T1 is fine, etc., etc. I can't really see
much of anything from the Linksys. What should I be looking for to
uncover what is booting them out and back up again so quickly? I called
their tech guy to look at the firewall log and am waiting for feedback.

Thanks in advance



Bernadette




This e-mail is from Dechert LLP, a law firm, and may contain
information that is confidential or privileged. If you are not the
intended recipient, do not read, copy or distribute the e-mail or any
attachments. Instead, please notify the sender and delete the e-mail and
any attachments. Thank you.
_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailma...rewall-wizards
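The reply above suggests comparing the "force key expiration" (IKE/IPsec lifetime) settings on both ends of the tunnel, and the question describes outages recurring roughly every 18 hours and lasting a few minutes. The following script is an added example, not code from either poster or from any vendor: it takes tunnel up/down events from a log, measures the spacing and length of the outages, and checks the observed period against the lifetimes configured on each peer, so a lifetime mismatch can be confirmed from logs rather than guessed at. The log format, peer addresses and lifetime values are all constructed for illustration; a real PIX or Windows VPN log would need its own parsing regex.

```python
"""
Added example (not from the original thread): correlate recurring VPN tunnel
outages with the IKE/IPsec lifetimes configured on the two peers.

Everything below is constructed: the log format ("<date> <time> <device>
TUNNEL_DOWN|TUNNEL_UP peer=<ip>") is hypothetical, as are the peer address
and the lifetime values. Replace parse_events() with one that understands
your own firewall's log lines.
"""
import re
from datetime import datetime
from statistics import median

# Constructed sample log: four outages, each about 18 hours after the last.
SAMPLE_LOG = """\
2006-11-17 02:05:11 office-edge TUNNEL_DOWN peer=198.51.100.7
2006-11-17 02:12:40 office-edge TUNNEL_UP peer=198.51.100.7
2006-11-17 20:06:02 office-edge TUNNEL_DOWN peer=198.51.100.7
2006-11-17 20:13:19 office-edge TUNNEL_UP peer=198.51.100.7
2006-11-18 14:05:45 office-edge TUNNEL_DOWN peer=198.51.100.7
2006-11-18 14:11:03 office-edge TUNNEL_UP peer=198.51.100.7
2006-11-19 08:06:30 office-edge TUNNEL_DOWN peer=198.51.100.7
2006-11-19 08:14:51 office-edge TUNNEL_UP peer=198.51.100.7
"""

# Constructed per-phase lifetimes (seconds) as configured on each end.
# The only difference is the Phase 2 lifetime: 18h locally, 24h remotely.
LOCAL_LIFETIMES = {"phase1": 86400, "phase2": 64800}
REMOTE_LIFETIMES = {"phase1": 86400, "phase2": 86400}

LINE_RE = re.compile(r"^(\S+ \S+) (\S+) (TUNNEL_DOWN|TUNNEL_UP) peer=(\S+)$")


def parse_events(text):
    """Turn log text into (timestamp, event, peer) tuples; unparsable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        events.append((ts, m.group(3), m.group(4)))
    return events


def outages(events):
    """Pair each TUNNEL_DOWN with the next TUNNEL_UP for the same peer.

    Returns a list of (down_time, duration_seconds) in chronological order.
    A DOWN with no later UP (tunnel still down) is left out.
    """
    open_down = {}
    result = []
    for ts, event, peer in sorted(events):
        if event == "TUNNEL_DOWN":
            open_down[peer] = ts
        elif event == "TUNNEL_UP" and peer in open_down:
            down = open_down.pop(peer)
            result.append((down, (ts - down).total_seconds()))
    return result


def outage_period_seconds(outage_list):
    """Median spacing between successive outage starts; None if fewer than two."""
    starts = sorted(start for start, _ in outage_list)
    if len(starts) < 2:
        return None
    gaps = [(b - a).total_seconds() for a, b in zip(starts, starts[1:])]
    return median(gaps)


def lifetime_mismatches(local, remote):
    """Phases whose lifetime differs between the peers: (phase, local, remote)."""
    return sorted(
        (phase, local.get(phase), remote.get(phase))
        for phase in set(local) | set(remote)
        if local.get(phase) != remote.get(phase)
    )


def lifetimes_matching_period(period, local, remote, tolerance=0.05):
    """Configured lifetimes within `tolerance` (fraction) of the observed period."""
    hits = []
    for side, cfg in (("local", local), ("remote", remote)):
        for phase, secs in cfg.items():
            if abs(secs - period) <= tolerance * secs:
                hits.append((side, phase, secs))
    return hits


if __name__ == "__main__":
    outs = outages(parse_events(SAMPLE_LOG))
    period = outage_period_seconds(outs)
    print(f"{len(outs)} outages, median duration "
          f"{median(d for _, d in outs):.0f}s, median period {period:.0f}s")
    for phase, loc, rem in lifetime_mismatches(LOCAL_LIFETIMES, REMOTE_LIFETIMES):
        print(f"lifetime mismatch on {phase}: local={loc}s remote={rem}s")
    for side, phase, secs in lifetimes_matching_period(period, LOCAL_LIFETIMES, REMOTE_LIFETIMES):
        print(f"observed period matches {side} {phase} lifetime ({secs}s)")
```

Run stand-alone it reports four outages of a few minutes each, a median period close to 18 hours, a Phase 2 lifetime mismatch between the peers, and that the observed period lines up with the local Phase 2 lifetime, which is the evidence one would want before asking the consultant to align the PIX setting. If the period matches no configured lifetime on either side, the cause is more likely something else (ISP PPP renegotiation, a DHCP lease, a scheduled reboot), which is just as useful to know.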