Daily Archives: November 6, 2008

IPcop VPN issues

The other day I brought the new Checkpoint firewall for the new building and tried to get the VPN tunnels up between the satellite offices and failed. At the satellite offices we use IPCop as our firewalls.

I had set up the policies on the IPCop boxes and the corresponding ones on the Checkpoint firewall. When I went to bring up the tunnels I got nothing. There was no traffic going out the Checkpoint unit and I saw nothing on the IPCop boxes. I spent 3 hours on the phone with Checkpoint and got the box reconfigured and started getting errors on the IPCop boxes but still no tunnels. The Checkpoint tech was stumped, as was I. I went so far as to blame the new T-1 provider for munging my packets so they would be accepted at the other offices.

So the error I was getting on the IPCop boxes was:

packet from X.X.X.X:500: initial Main Mode message received on X.X.X.X:500 but no connection has been authorized with policy=PSK

Now most of the information on the internet talks about this being a problem with the IPCop box getting a request from a box that it isn’t expecting. Well, the policy was set up right on all the boxes. I even took out the Checkpoint firewall and replaced it with an IPCop box... same error. So after spending all day and most of the night I headed home.

Around 3am I woke up and started thinking about the issue. In my mind I started going over the list of all the VPNs I had set up at the time and it came to me.

I got up and headed back to the new office. When I got there I made sure that the problem was still happening.

Now I had named the VPN policy on the IPCop boxes 1200Lenox. Well the problem is…you can’t start the name of the policy with a number. So the minute I changed the policy name to l1200lenox the tunnels came right up.

So for all of you who are getting the same error make sure the name of your policy starts with a letter and not a number.
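A check for this condition, as an added example that is not part of the original post: it ties the rejected peer in the log error quoted above to a tunnel name that does not start with a letter. It assumes the tunnel names end up as `conn <name>` sections with a `right=` peer in an ipsec.conf-style file; the config, addresses, log lines and function names are constructed for illustration.

```python
import re

# Constructed sample in the ipsec.conf "conn <name>" layout (assumed format).
SAMPLE_CONF = """\
conn %default
    keyingtries=0

conn 1200Lenox
    right=198.51.100.7

conn nyc
    right=203.0.113.9
"""

# Constructed log lines modelled on the error quoted in the post.
SAMPLE_LOG = """\
Nov  5 14:02:11 fw pluto[812]: packet from 198.51.100.7:500: initial Main Mode message received on 192.0.2.1:500 but no connection has been authorized with policy=PSK
Nov  5 14:02:15 fw pluto[812]: "nyc" #4: ISAKMP SA established
"""

CONN_RE = re.compile(r"^conn\s+(\S+)\s*$")
PEER_RE = re.compile(r"^\s*right\s*=\s*(\S+)")
ERR_RE = re.compile(r"packet from ([\d.]+):\d+: initial Main Mode message received "
                    r"on [\d.]+:\d+ but no connection has been authorized")

def parse_conns(conf_text):
    """Return {conn_name: right_peer_or_None}, skipping %default-style sections."""
    conns, current = {}, None
    for line in conf_text.splitlines():
        m = CONN_RE.match(line)
        if m:
            current = None if m.group(1).startswith("%") else m.group(1)
            if current:
                conns[current] = None
            continue
        m = PEER_RE.match(line)
        if m and current:
            conns[current] = m.group(1)
    return conns

def suspect_names(conf_text, log_text):
    """Conn names not starting with a letter whose peer was rejected in the log."""
    rejected = set(ERR_RE.findall(log_text))
    return sorted(name for name, peer in parse_conns(conf_text).items()
                  if not name[0].isalpha() and peer in rejected)

if __name__ == "__main__":
    print(suspect_names(SAMPLE_CONF, SAMPLE_LOG))
```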

What a long strange trip it’s been

So last month on October 16th I celebrated the beginning of my 9th year at Arora and Associates, P.C. When I say I celebrated I mean I went to my boss and told him that I was starting my 9th year and he said the same thing he says every year... “wow it’s been that long!”

So looking back at the 8 years that I have been at Arora I have realized that I have taken the company to new heights on the technology scale. When I started we had 2 offices. The one in Lawrenceville and a New York City office. The Lawrenceville office had an IDSL line that went down every few days. The New York office was sharing a 56K modem for the whole office. The e-mail server was hosted with the ISP and was unable to handle the small load the company was putting on it.

Four months after I started, the IDSL line went down for a month... in which time I was able to talk the powers that be into going with a full T-1 line with the argument that the only time a T-1 goes down is when some person with a backhoe cuts a fiber line somewhere in the US. After the T-1 was installed in Lawrenceville I moved the mail server in house and rebuilt the network.

As the years moved on I have installed bigger, faster and louder servers. We now have over 8Tb of space total in the Lawrenceville office. We have expanded the company from 2 offices to 5 offices all connected by VPN. All the offices now have full T-1s. There are more advances that were made in all the offices but there is so little time to list them all.

At the beginning of this month we moved the Lawrenceville office to a bigger brand new space. We had over 46207 ft (8.75 Miles) of data cable installed with over 276 data ports installed. This was a new build so we put in as many drops as we could while the walls were open. We got rid of our old 3COM switches for brand new Cisco switches. With the new office also came a new server room with the proper cooling and security.

So as I sit in my new cube…yes I took a cube instead of an office because the more space I have the messier I become so I took a cube tucked in a corner and out of the high traffic areas…I can’t help but think of what is in store for me in the next 9 years at Arora….

I know I look forward to keeping the company on the cutting edge of technology.