https://community.checkpoint.com/t5/SASE-and-Remote-Access/Tunnel-test-drops-and-iked-disable-when-connecting-to-Endpoint/m-p/239051#M2502 <P>Hello everyone!</P><P>We encountered a problem when connecting Endpoint clients via Remote Access.</P><P>Successfully connected clients disconnect after some time and in SmartConsole we see tunnel_test drop logs. The problem occurs only with some VPN clients when working with files. After the drop, a reconnection occurs, which lasts for several minutes, several attempts of automatic reconnection may be required to successfully connect again.</P><P>The environment in which the problem occurs is VSX and R81.10. Nat-t is enabled.</P><P>We tried to debug VPN-related processes and found that iked debug did not start with the message: 'iked' is currently disabled.<BR />The vpn iked status command also shows the result:<BR />vpn: 'iked' is disabled.<BR />vpn: The 'iked' process is currently not running.</P><P>The documentation related to iked debugging says that iked can be disabled when using legacy mode. But we did not disable iked manually. The upgrade to R81.10 was over a year ago, but tunnel_test issues appeared later.</P><P>Does anyone know a solution to this problem? Can we simply enable iked with vpn iked enable?</P><P>The documentation says that this modifies the $FWDIR/boot/modules/fwkern.conf file and may break the SSH session. Will enabling iked in this way have a negative impact on the system and current VPN connections?</P><P>I would appreciate any help!</P> Mon, 20 Jan 2025 11:28:46 GMT Dayaana 2025-01-20T11:28:46Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Tunnel-test-drops-and-iked-disable-when-connecting-to-Endpoint/m-p/239051#M2502 <P>Hello everyone!</P><P>We encountered a problem when connecting Endpoint clients via Remote Access.</P><P>Successfully connected clients disconnect after some time and in SmartConsole we see tunnel_test drop logs. The problem occurs only with some VPN clients when working with files. After the drop, a reconnection occurs, which lasts for several minutes, several attempts of automatic reconnection may be required to successfully connect again.</P><P>The environment in which the problem occurs is VSX and R81.10. Nat-t is enabled.</P><P>We tried to debug VPN-related processes and found that iked debug did not start with the message: 'iked' is currently disabled.<BR />The vpn iked status command also shows the result:<BR />vpn: 'iked' is disabled.<BR />vpn: The 'iked' process is currently not running.</P><P>The documentation related to iked debugging says that iked can be disabled when using legacy mode. But we did not disable iked manually. The upgrade to R81.10 was over a year ago, but tunnel_test issues appeared later.</P><P>Does anyone know a solution to this problem? Can we simply enable iked with vpn iked enable?</P><P>The documentation says that this modifies the $FWDIR/boot/modules/fwkern.conf file and may break the SSH session. Will enabling iked in this way have a negative impact on the system and current VPN connections?</P><P>I would appreciate any help!</P> Mon, 20 Jan 2025 11:28:46 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Tunnel-test-drops-and-iked-disable-when-connecting-to-Endpoint/m-p/239051#M2502 Dayaana 2025-01-20T11:28:46Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Tunnel-test-drops-and-iked-disable-when-connecting-to-Endpoint/m-p/239096#M2503 <P>It looks like you can enable it with vpn iked enable.<BR />The reason your SSH connection may get disconnected is because of the policy installation required to (de)activate iked, which can sometimes terminate existing connections (depends on settings).</P> <P>In general, iked should improve VPN performance for certain operations as iked is multicore.</P> Mon, 20 Jan 2025 22:33:17 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Tunnel-test-drops-and-iked-disable-when-connecting-to-Endpoint/m-p/239096#M2503 PhoneBoy 2025-01-20T22:33:17Z