D_TK
Iron

Intermittent VPN issue

Good Day everyone.

Have a very intermittent site to site VPN issue.  Current environment is 9 locations, connected by private MPLS.

Management is R80.20

(8) clusters are R77.30

(1) cluster is R80.20

I have a mesh VPN community which has 8 locations in it.  The 9th location, where management resides is not part of the VPN community.

From time to time, I see a site become unreachable from one or more of the other VPN sites - the fix is to get to that cluster either directly, or via the non-VPN management server, and run vpn tunnelutil and "Delete all IPsec+IKE SAs for ALL peers and users" - that site becomes available immediately.

Any troubleshooting ideas - not knowing when it will happen, or how to trigger it makes setting up anything in advance difficult.

"permanent tunnels" is not turned on - would that setting add value here?

thanks.

dave

0 Kudos
4 Replies
Vladimir
Pearl

Re: Intermittent VPN issue

Looks like this may be the case.

Take a look at https://community.checkpoint.com/message/11233-re-unstable-vpn-tunnels post.

0 Kudos

Re: Intermittent VPN issue

Always, when you use Check Point to Check Point tunnels, turn on the Permanent tunnels and set the community to 1 tunnel per gateway pair.

This will make sure your tunnels remain solid; so far I have never seen problems like these when we apply these settings.

Regards, Maarten
D_TK
Iron

Re: Intermittent VPN issue

Thanks for the info.  I have made the change to permanent tunnels, hopefully this will resolve the issue.

thanks

0 Kudos

Re: Intermittent VPN issue

Did the permanent tunnels solution fix your issue?

0 Kudos