Troubleshooting guide

Appendix A: State Tables for VPN-1/FireWall-1 4.0
Advanced Technical Reference Guide 4.1, June 2000, page 154

VPN tables
The encryption_requests table uses the following format:
<source IP address, source port, destination IP address, destination port, IP protocol; time left/total time>
rejected_encryptions table
Connections that need to be encrypted according to the Rule Base but cannot be, because of a problem (wrong
scheme, timed-out encryption request, failure in key exchange or generation…), are inserted into the
rejected_encryptions table.
Example
attributes: expires 180
<c0a83005, 00000456, c7cb477d, 00000017, 00000006; 174/180>
The rejected_encryptions table uses the following format:
<source IP address, source port, destination IP address, destination port, IP protocol; time left/total time>
rdp_table table
The rdp_table table holds RDP (the encryption negotiation protocol) connections in one particular case:
when two computers perform encryption with one another and a gateway in the middle needs to forward
these RDP connections, all RDP connections are inserted into this table on the gateway computer.
Example
attributes: expires 60
<c0a80c01, 000004f9, c7cb47e3, 0000006e, 00000011; 57/60>
<c0a81c0e, c073cd77; 58/60>
The rdp_table table uses the following format (these are the values of the original connection):
<source IP address, source port, destination IP address, destination port, IP protocol; time left/total time>
In the case of SecuRemote the format is (again, these are the values of the original connection):
<source IP address, destination IP address; time left/total time>
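The hexadecimal fields in these entries can be decoded mechanically. The following parser is an added example, not part of the original guide or of Check Point's tooling; the names Entry, hex_to_ip and parse_entry are hypothetical. It handles the five-field connection format and the two-field SecuRemote format described above, and rejects any other layout.

```python
import ipaddress
import re
from typing import NamedTuple, Optional

# <hex field, hex field, ...; time left/total time>, as in the formats on this page
ENTRY_RE = re.compile(
    r"<\s*([0-9a-fA-F]+(?:\s*,\s*[0-9a-fA-F]+)*)\s*;\s*(\d+)\s*/\s*(\d+)\s*>")
PROTOCOLS = {1: "icmp", 6: "tcp", 17: "udp"}  # IANA protocol numbers


class Entry(NamedTuple):
    src: str
    sport: Optional[int]   # None for the two-field SecuRemote form
    dst: str
    dport: Optional[int]
    proto: Optional[str]
    time_left: int         # time left before the entry expires
    total_time: int        # matches the table's "expires" attribute


def hex_to_ip(field: str) -> str:
    """Convert an 8-digit hex field such as c0a83005 to dotted-quad form."""
    if len(field) != 8:
        raise ValueError(f"expected 8 hex digits, got {field!r}")
    return str(ipaddress.IPv4Address(int(field, 16)))


def parse_entry(line: str) -> Entry:
    """Decode one connection-tuple entry; raise ValueError for other layouts."""
    m = ENTRY_RE.fullmatch(line.strip())
    if not m:
        raise ValueError(f"not a connection-tuple entry: {line!r}")
    fields = re.split(r"\s*,\s*", m.group(1))
    left, total = int(m.group(2)), int(m.group(3))
    if len(fields) == 5:
        src, sport, dst, dport, proto = fields
        num = int(proto, 16)
        return Entry(hex_to_ip(src), int(sport, 16), hex_to_ip(dst),
                     int(dport, 16), PROTOCOLS.get(num, str(num)), left, total)
    if len(fields) == 2:  # SecuRemote form of rdp_table
        return Entry(hex_to_ip(fields[0]), None, hex_to_ip(fields[1]),
                     None, None, left, total)
    raise ValueError(f"unexpected field count {len(fields)} in {line!r}")


if __name__ == "__main__":
    # The three connection-tuple examples printed on this page
    for sample in ("<c0a83005, 00000456, c7cb477d, 00000017, 00000006; 174/180>",
                   "<c0a80c01, 000004f9, c7cb47e3, 0000006e, 00000011; 57/60>",
                   "<c0a81c0e, c073cd77; 58/60>"):
        print(parse_entry(sample))
```

An entry with a second semicolon-separated group, such as the skip_connections format, is rejected with ValueError rather than being misread as an address pair.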
cryptlog_table table
Information about this table will be available in the next update to this document.
SKIP tables
skip_connections table
Each SKIP packet contains the encrypted session key, which is decrypted and then used to decrypt the packet.
To optimize the decryption process, the skip_connections table contains both the encrypted session key and the
non-encrypted session key of a connection. This avoids having to decrypt the session key for each packet.
Example
attributes: refresh, expires 180, free function 133280052 0
<4ba107e5, c3298f6d; 802a33bd; 169/180>
The skip_connections table uses the following format:
<key1, key2; pointer to key; time left/total time>