Re: FTP issues between PIX and Checkpoint firewall

u.naranjo · ‎08-11-2004

Hi,

I'm having the folowing situation that I can not resolve.

We established an IPSEC tunnel between a host behind a PIX 506E and a host behind a checkpoint firewall for FTP transfer. when the client behind the checkpoint tries to ftp files to the server behind the PIX; the client does not get the logon prompt or it takes a long time to come up, also once the client is able to login then start the ftp transfer he gets disconnected and sometimes he is able to transfer files successfully and some times the files do not go through at all eventhough when I check the pix it shows the tunnel up and encrypting and decrypting data etc.

So this problem is intermitent and most of the times the file transfer does not work.

I looked at the sample config on Cisco's web site for a tunnel between pix's and checkpoint and I'm sure on the PIX everything is well configured. I assume the checkpoint is also well configured since the tunnel is able to come up and occassionally able to transfer files; I do not have access to the Checkpoint since it is managed by another party and it is really difficult to make changes on that end.

If anybody has encountered similar issues and was able to resolve; please give me a hint since I tried all that I know and still this does not work accordingly.

Thanks very much for the insight.

Uriel.

spremkumar · ‎08-11-2004

Hi

As u mentioned its works sometimes and not in sometimes ,r u getting success at the same time when the disconnection happens ?

if yes can u chek up the load conditions in your router if its there in place.

Sometimes heavy loading may also results in disconnection.

u can do onehting try to do tfp during peak hrs (wkg hrs) and chek up the load ther in router.

try to repeat the same after off peak hrs (non wkg hrs) and monitor it.

i did face the same sort of thing in past but not with F/Ws in place..

regds

prem