VPN tunnel fails after an IPS update
Symptoms
  • VPN tunnel fails after an IPS update.

  • Kernel debug on the problematic Security Gateway ('fw ctl debug -m fw + drop') shows that IKE traffic (UDP port 500) is dropped:
    fw_log_drop_ex: Packet proto=17 Source_IP:500 -> Dest_IP:500 dropped by fwpslglue_chain Reason: PSL Drop: ASPII_MT;
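
The following Python script is an added example, not Check Point code and not part of the original article. It triages saved kernel debug output for the symptom above by counting IKE (UDP port 500) drops made by fwpslglue_chain per peer pair and reason. It assumes the line shape of the drop message quoted above; the sample lines, the addresses and the `example_chain` name are constructed.

```python
import re
from collections import Counter

# Line shape taken from the drop message quoted in the Symptoms section.
DROP_RE = re.compile(
    r"fw_log_drop_ex: Packet proto=(?P<proto>\d+) "
    r"(?P<src>[0-9.]+):(?P<sport>\d+) -> (?P<dst>[0-9.]+):(?P<dport>\d+) "
    r"dropped by (?P<chain>\S+) Reason: (?P<reason>[^;]+);"
)

# Constructed sample input (documentation addresses, not real debug output).
SAMPLE = """\
fw_log_drop_ex: Packet proto=17 198.51.100.20:500 -> 192.0.2.10:500 dropped by fwpslglue_chain Reason: PSL Drop: ASPII_MT;
fw_log_drop_ex: Packet proto=17 198.51.100.20:500 -> 192.0.2.10:500 dropped by fwpslglue_chain Reason: PSL Drop: ASPII_MT;
fw_log_drop_ex: Packet proto=17 203.0.113.5:500 -> 192.0.2.10:500 dropped by fwpslglue_chain Reason: PSL Drop: ASPII_MT;
fw_log_drop_ex: Packet proto=17 203.0.113.9:500 -> 192.0.2.10:500 dropped by example_chain Reason: example reason;
fw_log_drop_ex: Packet proto=6 203.0.113.9:40112 -> 192.0.2.10:443 dropped by example_chain Reason: example reason;
unrelated debug line that should be ignored
"""


def parse_drops(text):
    """Yield one dict per drop line; lines in any other shape are skipped."""
    for line in text.splitlines():
        match = DROP_RE.search(line)  # search() tolerates any line prefix
        if match:
            drop = match.groupdict()
            drop["reason"] = drop["reason"].strip()
            yield drop


def ike_psl_drops(text):
    """Count UDP/500 drops made by fwpslglue_chain, per peer pair and reason."""
    hits = Counter()
    for drop in parse_drops(text):
        is_ike = drop["proto"] == "17" and "500" in (drop["sport"], drop["dport"])
        if is_ike and drop["chain"] == "fwpslglue_chain":
            # Fold both directions of a tunnel into one key.
            peers = tuple(sorted((drop["src"], drop["dst"])))
            hits[(peers, drop["reason"])] += 1
    return hits


if __name__ == "__main__":
    for (peers, reason), count in ike_psl_drops(SAMPLE).most_common():
        print(f"{peers[0]} <-> {peers[1]}  {reason}  x{count}")
```
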

Cause

IKE Phase 1 Main Mode packet #5 is dropped by the IPS protection "TCPDUMP ISAKMP Payload Handling DoS" (CVE-2004-0183, CPAI-2004-131).


Solution
Note: To view this solution you need to Sign In.