This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
scottikon
Contributor
‎2020-03-05 10:40 AM

R80.40 IPSEC VPN shows stuck at Phase I but is fully operational

I have a R80.40 lab with three Check Point gateways. One distributed environment (managed by separate management server) and the other two are standalone (gateway and management on same device). 

I have site to site VPNs configured as follows: -

1. from Main GW to Remote GW1

2. from Main GW to Remote GW2

 

VPNs show in SmartView monitor as Up - Phase I but when I look at vpn tu on the cli I see phase II tunnels formed: -

 

SAs of all instances:

Peer 192.168.101.11 , RemoteGW1 SAs:

IKE SA <b026ba653a85f493,13cd8ad810ce962a>
INBOUND:
1. 0x97698d60 (i: 0)
OUTBOUND:
1. 0x5c3cf41e (i: 0)

Peer 192.168.101.12 , RemoteGW2 SAs:

IKE SA <c33a8776de4d53f1,62554189591c0af1>
INBOUND:
1. 0xa306b733 (i: 1)
OUTBOUND:
1. 0x53ff98e0 (i: 1)

 

the IKE.elg also shows three messages in quick mode. 

 

I have also cleared the tunnel down and brought it up by initiating traffic firstly from local network (issuing a ping from PC1 to remote PC 2) and then secondly from remote network (issuing ping from remote PC2 to local PC1). 

 

Has anyone seen this before?

 

 

 

ike.7z
(1)
33 Replies
Steffen_Appel
Advisor
‎2021-10-07 02:40 AM
In response to _Val_

We still have the issue too on T119 and just received an hotfix, which we will try in the next days.

0 Kudos
Kim_Moberg
Advisor
‎2021-10-07 05:51 AM
In response to _Val_

Hi @_Val_ 

I spoke with VPN RnD guys about it and with EA team. It was just before my summer holiday and September so we havent completed debug and investigation yet.

I expect soon to start up the investigation.

Best Regards
Kim
_Val_
Admin
Admin
‎2021-10-07 07:55 AM
In response to Kim_Moberg

Sure, please post the results when you have them

0 Kudos
RobertSmeikal
Explorer
‎2021-09-29 04:20 AM
In response to Kim_Moberg

@Kim_Moberg Hi Kim! I replied to the original issue from scottikon. I have edited my post to make it clearer. Thank you for pointing it out. Best regards, Robert

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events