scottikon
Contributor

R80.40 IPSEC VPN shows stuck at Phase I but is fully operational

I have a R80.40 lab with three Check Point gateways. One distributed environment (managed by separate management server) and the other two are standalone (gateway and management on same device). 

I have site to site VPNs configured as follows: -

1. from Main GW to Remote GW1

2. from Main GW to Remote GW2

VPNs show in SmartView monitor as Up - Phase I but when I look at vpn tu on the CLI I see phase II tunnels formed: -

SAs of all instances:

Peer 192.168.101.11 , RemoteGW1 SAs:

IKE SA <b026ba653a85f493,13cd8ad810ce962a>
INBOUND:
1. 0x97698d60 (i: 0)
OUTBOUND:
1. 0x5c3cf41e (i: 0)

Peer 192.168.101.12 , RemoteGW2 SAs:

IKE SA <c33a8776de4d53f1,62554189591c0af1>
INBOUND:
1. 0xa306b733 (i: 1)
OUTBOUND:
1. 0x53ff98e0 (i: 1)

The IKE.elg also shows three messages in quick mode.

I have also cleared the tunnel down and brought it up by initiating traffic firstly from local network (issuing a ping from PC1 to remote PC 2) and then secondly from remote network (issuing ping from remote PC2 to local PC1).

Has anyone seen this before?

(1)
33 Replies

We still have the issue too on T119 and just received a hotfix, which we will try in the next days.

0 Kudos
Kim_Moberg
Advisor

Hi @_Val_ 

I spoke with VPN RnD guys about it and with EA team. It was just before my summer holiday and September so we haven't completed debug and investigation yet.

I expect soon to start up the investigation.

Best Regards
Kim
_Val_
Admin

Sure, please post the results when you have them

0 Kudos
RobertSmeikal
Explorer

@Kim_Moberg Hi Kim! I replied to the original issue from scottikon. I have edited my post to make it clearer. Thank you for pointing it out. Best regards, Robert

0 Kudos