[vpn-help] Checkpoint Edge 8.0.36x 15 min VPN timeout issue

Chris Martin cmartin at sjutech.com
Fri Apr 9 12:16:18 CDT 2010


I did some more testing and these are the results I am getting:

Started VPN connection: 10:12am

------------------------------------------------------------------------

*****ICMP ping requests started to time out at 10:27am (15 min)

------------------------------------------------------------------------

VPN Status Shows:

Established - 1
Expired - 0
Failed - 0

Status - Connected
Remote Host 209.136.27.198
Transport Used IKE ESP
IKE Frag - Disabled
Dead Peer Detection - Disabled

15 min of perfect connection, then the packets start to time out.

------------------------------------------------------------------------

*****At 11:06am the tunnel renegotiated and the ICMP "ping" packets were
being sent and received again; this is at 48 min into the connection.

------------------------------------------------------------------------

VPN Status Shows:

Established - 2
Expired - 1
Failed - 0

Status - Connected
Remote Host 209.136.27.198
Transport Used IKE ESP
IKE Frag - Disabled
Dead Peer Detection - Disabled

15 min of perfect connection, then the packets start to time out.

------------------------------------------------------------------------

*****At 11:21am the tunnel is still connected but ICMP "ping" packets
dropped again; this is exactly (15 min) after it re-associated at 11:06am.

------------------------------------------------------------------------

*****At 11:54am the tunnel renegotiated and the ICMP "ping" packets were
being sent and received again; this is at (96 min) into the connection.

------------------------------------------------------------------------

VPN Status Shows:

Established - 3
Expired - 2
Failed - 0

Status - Connected
Remote Host 209.136.27.198
Transport Used IKE ESP
IKE Frag - Disabled
Dead Peer Detection - Disabled

15 min of perfect connection, then the packets start to time out. Then
the cycle starts again.

------------------------------------------------------------------------

So the issue seems to have something to do with a timing issue in the
renegotiation of the IKE connection and DHCP renew?

According to Checkpoint docs the VPN client is supposed to renegotiate
every 24 min and the DHCP lease should be renewed at this time also.

If we can figure out this issue we are more than willing to donate to
the development... Client works great during time of good
connectivity... but losing the connection 15 min in and then having to
either reconnect or wait 33 min for the connection to reconnect
properly is a complete show stopper.

If this can get fixed I have 100 of users and a few support groups
looking for a solution to the dreaded Checkpoint lack of support for 64
bit systems and the embedded VPN in the edge devices.

Chris Martin
SJU Technology Group
Technology Support Manager
Sparrow, Johnson & Ursillo, Inc.
1300 Division Rd, Suite 202
West Warwick RI, 02893
Work: (401) 521-4000 ext: 150
Mobile: (508) 326-2673
Fax: (401) 274-5368
cmartin at sjutech.com
Web: www.sju.com
