Intermittent VPN issue

D_TK · ‎2019-03-08

Good Day everyone.

Have a very intermittent site to site VPN issue. Current environment is 9 locations, connected by private MPLS.

Management is R80.20

(8) clusters are R77.30

(1) cluster is R80.20

I have a mesh VPN community which has 8 locations in it. The 9th location, where management resides is not part of the VPN community.

From time to time, i see a site become unreachable from one or more of the other VPN sites - the fix is to get to that cluster either directly, or via the non-VPN management server, and run vpn tunnelutil and "Delete all IPsec+IKE SAs for ALL peers and users" - that site becomes available immediately.

Any troubleshooting ideas - not knowing when it will happen, or how to trigger it makes setting up anything in advance difficult.

"permanent tunnels" is not turned on - would that setting add value here?

thanks.

dave

Vladimir · ‎2019-03-08

Looks like this may be the case.

Take a look at https://community.checkpoint.com/message/11233-re-unstable-vpn-tunnels post.

Maarten_Sjouw · ‎2019-03-09

Allways when you use Check Point to Check Point tunnels turn on the Permanent tunnels and set the community to 1 tunnel per gateway pair.

This will makes sure your tunnels remain solid, so far I have never seen problems like these when we apply these settings.

Regards, Maarten

D_TK · ‎2019-03-10

Thanks for the info. I have made the change to permanent tunnels, hopefully this will resolve the issue.

thanks

Jesse · ‎2019-09-17

Did the permanent tunnels solution fix your issue?

Are you a member of CheckMates?

Intermittent VPN issue