topic Checkpoint IPsec VPN to 3rd party firewall phase 2 dpd issue in Firewall and Security Management

Checkpoint IPsec VPN to 3rd party firewall phase 2 dpd issue

pankajagr83 — Mon, 08 Feb 2021 14:13:50 GMT

Hi ,

We have build ipsec tunnel between checkpoint and fortinate. Checkpoint end Cluster ip address (public IP) forming two tunnels with two different fortinate firewall. AT checkpoint end we have enabled MEP as R80.40 installed.

Tunnel 1 working fine. tunnel 2 phase two is getting down. when primary shutdown secondary tunnel up only after manually bounce the tunnel at fortinate end.

What is the issue??

Re: Checkpoint IPsec VPN to 3rd party firewall phase 2 dpd issue

the_rock — Tue, 09 Feb 2021 01:42:45 GMT

Question...can you see what it shows on CP side when this happens? Any specific log, error? What about ike.elg file?You can get one by doing vpn debug ikeon on the firewall, then replicate the issue, then vpn debug ikeoff and look for ike.elg in $FWDIR/log directory

ON Fortigate, try below:

di de di

di de reset

di de application ike -1

di de enable

and watch for the output

I think I can help you on remote session if you like.

Andy