Archived from groups: comp.security.firewalls (More info?)
Hi -
I am managing a small network which is accessed off-site by a number
of users. There is usually at least one user connected to our network
during the day via VPN. Recently, the NetScreen 5XP firewall has
occasionally been preventing our VPN users from accessing our network,
always the first thing in the morning, or when they have been trying
to connect during the weekend, when nobody is around on-site. When
this happens, on-site users can access the Internet from within, can
ping the firewall, but it refuses Telnet and HTTP connection attempts.
After some experimentation, it seems that only rebooting the Firewall
fixes the problem. When I eventually connected to the firewall via
its "diagnostics" port, using Hyperterminal on Windows, I discovered
the single message:
IKE warning, I don't know what attribute 20480 is!
.... scrolling endlessly. Incidentally, I noticed that on this model,
the diagnostics aren't interactive. You can't login; in fact, nothing
happens when you press any key. After rebooting, I noticed that other
messages appeared when I configured the Firewall using its HTTP
interface.
Jens Hoffmann <jh@bofh.de> wrote in message news:<slrnc8dofm.al6.jh@churrasco.bofh.de>...
> Hi,
>
> To begin with, if you really run Screenos 2.x, stop reading
> and upgrade the box...
>
> Mark Bertenshaw <mark.bertenshaw@virgin.net> wrote:
> > fixes the problem. When I eventually connected to the firewall via
> > its "diagnostics" port,
>
> It's not only a diagnostic port, it's a console with complete
> CLI.
>
> > using Hyperterminal on Windows, I discovered
> > the single message:
> >
> > IKE warning, I don't know what attribute 20480 is!
>
> Which indicates that your software is so old that it cannot
> recognize all attributes your clients are using and behaves
> badly in this situation.
>
> > After rebooting, I noticed that other
> > messages appeared when I configured the Firewall using its HTTP
> > interface.
> >
>
> Normal.
Jens -
Thanks for the reply. It seems that I had to toggle some keys on the
keyboard before I got a two way connection on HyperTerminal.
I very much agree that the software ought to be upgraded. Now someone
else has said this, I think I have a better case at pitching this at
my company's directors.
My clients' software is of the same vintage as the firewall software,
so I would be surprised if it was them causing the problem - they are
normally connected during the day when we have no problems. Since
this message, when it arrives, seems to be appearing constantly, could
it be that some evil person is trying to crack our firewall using more
modern software?