Troubleshooting guide
Appendix A: State Tables for VPN-1/FireWall-1 4.0 SecuRemote — client side tables
Advanced Technical Reference Guide 4.1 • June 2000 158
Used by SecuRemote Client: Yes.
Used by FW daemon: No.
Keys: <ip, mask, gw>
Values: None.
Timeout: None.
Comments: Used by the client to check whether packets should be encrypted (if they
are a part of the topology) or not.
userc_session table
The userc_session table holds the session key for the encryption.
Example
attributes: expires 800, free function 4276219426 12
<c0a81e03, c7cb4760; 804c63d8; 632/800>
The userc_session table uses the following format:
<client_ip_address, gateway address; key; time left/total time>
The reason that the client IP address is used and not only the gateway address is that most SecuRemote clients
are used on a laptop which has a dynamic IP address. So using the client IP address can be beneficial.
Used by SecuRemote Client: Yes.
Used by FW daemon: No.
Keys: <user ip, gw_ip>
Values: <key>
Timeout: 800 sec
Comments: Stores negotiated keys between client and firewall on the client side. Note
that unless the firewall daemon crashes the session key will always
timeout on the client before it times out on the server. If the opposite
occurred, communication would not be possible, since the server would
not know to decrypt packets from the client.
userc_encapsulating_gateways table
The userc_encapsulating_gateways table holds the addresses of the gateways with which the clients needs to
use encapsulation.
Example
<c073cd0c>
<c073cd0e>
The userc_encapsulating_gateways table uses the following format:
<gateway’s IP address>