My 2600 sits in the middle of two outside vendors: each of them has a tunnel to my site, data from vendor 1 is sent to vendor 2 through my device but is never read or parsed in any way by anything at my location.
The two tunnels always appear to be up, but sometimes the files fail to flow between the two sites. Bouncing the firewall will get everything working again for a while, but after some period of time it will fail again, requiring another bounce.
The only errors I can find in packet capture are all:
DROPPED, Drop Code: 435(Octeon Decrypyion Failed Selector check), Module Id: 20(ipSec)
The tunnel between my device and vendor 1 is Group 2, 3DES, SHA1, perfect forward secrecy unchecked, and the tunnel between my device and vendor 2 is Group 2, AES-128, SHA1, perfect forward secrecy is checked.
Before I go to the vendors and have them make changes based off of my guess, is this a plausible cause of the problem and a plausible solution is to make the tunnels match in encryption configuration? My hunch is that the SW isn't processing the translation very well and... some kind of buffer overflow? I'm only familiar with tunneling from point A to point B, this tunnel from A to C through B (where I have no direct control over points A or C) that I inherited just isn't something I've encountered before so I'm hesitant to demand that a 3rd party make changes that may or may not solve the problem.
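The following is an added illustration, not code from the original post or from the firewall vendor. It does two things a defender would do before asking the vendors for changes: tally the drop lines from a packet capture by drop code, and model what an IPsec "selector check" means in general, namely that the inner source and destination of a decrypted packet must fall inside the traffic selectors (Phase 2 networks) of the security association it arrived on, and that transit traffic between two spokes also has to match the egress tunnel's selectors. All log lines and address ranges below are constructed placeholders, and the two tunnel tables are hypothetical; nothing here diagnoses the poster's device, it only shows what the check tests.

```python
import ipaddress
import re
from collections import Counter

# Constructed capture lines (not from the original post). The drop line follows
# the format quoted in the post; the others are illustrative filler.
SAMPLE_LINES = [
    "DROPPED, Drop Code: 435(Octeon Decryption Failed Selector check), Module Id: 20(ipSec)",
    "FORWARDED, Module Id: 20(ipSec)",
    "DROPPED, Drop Code: 435(Octeon Decryption Failed Selector check), Module Id: 20(ipSec)",
    "DROPPED, Drop Code: 22(Invalid checksum), Module Id: 5(network)",
]

DROP_RE = re.compile(
    r"DROPPED, Drop Code: (\d+)\(([^)]*)\), Module Id: (\d+)\(([^)]*)\)"
)


def tally_drops(lines):
    """Count drop events by (code, reason, module id, module name) so the
    dominant failure stands out instead of being read line by line."""
    counts = Counter()
    for line in lines:
        m = DROP_RE.search(line)
        if m:
            code, reason, mod_id, mod_name = m.groups()
            counts[(int(code), reason, int(mod_id), mod_name)] += 1
    return counts


# Hypothetical Phase 2 traffic selectors for two tunnels on a hub device.
# 'local' is what the hub advertises as its side, 'remote' is the peer's side.
# Narrow selectors: each tunnel only covers hub <-> that vendor.
TUNNELS_NARROW = {
    "vendor1": {"local": ["10.0.0.0/24"], "remote": ["192.0.2.0/24"]},
    "vendor2": {"local": ["10.0.0.0/24"], "remote": ["198.51.100.0/24"]},
}

# Transit-aware selectors: each tunnel's local side also includes the other
# vendor's network, so spoke-to-spoke traffic fits both SAs.
TUNNELS_TRANSIT = {
    "vendor1": {"local": ["10.0.0.0/24", "198.51.100.0/24"], "remote": ["192.0.2.0/24"]},
    "vendor2": {"local": ["10.0.0.0/24", "192.0.2.0/24"], "remote": ["198.51.100.0/24"]},
}


def _in_any(addr, networks):
    return any(addr in ipaddress.ip_network(n) for n in networks)


def selector_check(selectors, direction, inner_src, inner_dst):
    """Generic IPsec selector check: inbound packets must have src in the
    peer's networks and dst in ours; outbound packets the reverse."""
    src = ipaddress.ip_address(inner_src)
    dst = ipaddress.ip_address(inner_dst)
    if direction == "inbound":
        return _in_any(src, selectors["remote"]) and _in_any(dst, selectors["local"])
    if direction == "outbound":
        return _in_any(src, selectors["local"]) and _in_any(dst, selectors["remote"])
    raise ValueError(f"unknown direction {direction!r}")


def transit_check(tunnels, ingress, egress, inner_src, inner_dst):
    """Hub-and-spoke transit: the decrypted packet must pass the ingress SA's
    inbound selectors and then the egress SA's outbound selectors."""
    return (selector_check(tunnels[ingress], "inbound", inner_src, inner_dst)
            and selector_check(tunnels[egress], "outbound", inner_src, inner_dst))


if __name__ == "__main__":
    for key, n in tally_drops(SAMPLE_LINES).items():
        print(f"{n:3d} x code {key[0]} ({key[1]}) module {key[3]}")
    for name, t in (("narrow", TUNNELS_NARROW), ("transit", TUNNELS_TRANSIT)):
        ok = transit_check(t, "vendor1", "vendor2", "192.0.2.5", "198.51.100.9")
        print(f"{name}: vendor1 -> vendor2 transit passes selectors: {ok}")
```

With the narrow table the vendor1-to-vendor2 packet is rejected at the ingress SA because its destination is not in that tunnel's local selector, which is the kind of mismatch a selector-check drop code reports; with the transit table it passes in both directions. Comparing the tally against the device's own Phase 2 network objects for each tunnel is a cheaper first step than changing cipher suites, which do not affect selector matching.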