https://community.checkpoint.com/t5/SASE-and-Remote-Access/No-data-on-receiving-end-in-site-to-site-VPN/m-p/160622#M6072 <P>Few questions...</P> <P>How did you configure other side of the tunnel (the 4800) object? As interoperable or externally managed CP object?</P> <P>Does phase 1 show as up or no via vpn tu or sv monitor?</P> <P>Any change if you reset VPn tunnel?</P> <P>Do you see anything if running tcpdump -nni any host 1.2.3.4 (or whatever other side external IP is) and proto 50</P> <P>so say other side is 20.30.40.50, run tcpdump -nni any host 20.30.40.50 and proto 50</P> <P>Have you tried running simple vpn debug and reviewing vpnd.elg and ike.elg files</P> <P>vpn debug trunc</P> <P>vpn debug ikeon</P> <P>try generate some traffic</P> <P>vpn debug ikeoff</P> <P>get ike.elg and vpnd.elg files from $fWDIR/log</P> <P>Ping me privately, happy to do remote and help you.</P> Thu, 27 Oct 2022 19:19:09 GMT the_rock 2022-10-27T19:19:09Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/No-data-on-receiving-end-in-site-to-site-VPN/m-p/160601#M6071 <P>I’m migrating the firewall in one of my networks from an ASA to a Checkpoint 6400 running R81.10 (HFA 78 is installed) and used SmartMove to migrate the config.&nbsp;<BR /><BR /></P><P>Internally, everything works great, but I’m running into an issue with the VPN connection to one of my other sites.&nbsp;<BR /><BR /></P><P>I have a star community configured and the other site is a 4800 running R77.30 that I do not control. I’m seeing an SA establish and then a number of child SAs form, but the other site does not see any traffic coming out of the tunnel. I also do not see any data traffic coming from them.&nbsp;<BR /><BR /></P><P>I see the expected traffic in the logs showing up as action:encrypt, so I feel pretty certain that I’m sending the right traffic into the tunnel. In monitoring outbound traffic at my border router, I only see UDP 500 traffic headed to the other gateway’s address, so that also looks to my like traffic is correctly entering the tunnel.&nbsp;<BR /><BR /></P><P>The only change the other site made was changing the gateway object to a Checkpoint device. I’m out of ideas here for possible problems or troubleshooting tools. Any thoughts on what else could cause this?&nbsp;</P> Thu, 27 Oct 2022 16:21:21 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/No-data-on-receiving-end-in-site-to-site-VPN/m-p/160601#M6071 JohnW1 2022-10-27T16:21:21Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/No-data-on-receiving-end-in-site-to-site-VPN/m-p/160622#M6072 <P>Few questions...</P> <P>How did you configure other side of the tunnel (the 4800) object? As interoperable or externally managed CP object?</P> <P>Does phase 1 show as up or no via vpn tu or sv monitor?</P> <P>Any change if you reset VPn tunnel?</P> <P>Do you see anything if running tcpdump -nni any host 1.2.3.4 (or whatever other side external IP is) and proto 50</P> <P>so say other side is 20.30.40.50, run tcpdump -nni any host 20.30.40.50 and proto 50</P> <P>Have you tried running simple vpn debug and reviewing vpnd.elg and ike.elg files</P> <P>vpn debug trunc</P> <P>vpn debug ikeon</P> <P>try generate some traffic</P> <P>vpn debug ikeoff</P> <P>get ike.elg and vpnd.elg files from $fWDIR/log</P> <P>Ping me privately, happy to do remote and help you.</P> Thu, 27 Oct 2022 19:19:09 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/No-data-on-receiving-end-in-site-to-site-VPN/m-p/160622#M6072 the_rock 2022-10-27T19:19:09Z