cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post

IPSEC site to site VPN fails after R80.20 upgrade

Hi

We have a large number of IPSEC VPN tunnels between our R77.30 gateway clusters.

Yesterday we upgraded one of the remote clusters to R80.20. After the upgrade the tunnel was still working fine, until we pushed policy to the R77.30 cluster late last night.

Now the tunnel will not stay up. If I push the R80.20 cluster it comes up briefly, then fails again.

The error message is 

Auth exchange: Sending notification to peer: Authentication failed MyAuthMethod: Certificates

I have support ticket open, but is there something simple and obvious I am missing?

Thanks

0 Kudos
2 Replies

Re: IPSEC site to site VPN fails after R80.20 upgrade

Do make sure to push the policy on the R77.30 again. We have seen many times during a R77.30 to R77.30 migration, a couple of years ago, that when we had VPN's we needed to at least push twice to those gateways to make sure the tunnels came back.
Regards, Maarten
0 Kudos

Re: IPSEC site to site VPN fails after R80.20 upgrade

Thanks

I removed the R80.20 gateway from the VPN, pushed to both gateways, added it back in and pushed again, and now the tunnel is up.

Checkpoint recommendation is to renew the cert, but each of our gateways is involved in multiple VPNs, so we will end up pushing to the whole estate eventually.

0 Kudos