
R80.40 IPSEC VPN shows stuck at Phase I but is fully operational

I have an R80.40 lab with three Check Point gateways. One is a distributed environment (managed by a separate management server) and the other two are standalone (gateway and management on the same device).

I have site-to-site VPNs configured as follows:

1. from Main GW to Remote GW1

2. from Main GW to Remote GW2


VPNs show in SmartView Monitor as Up - Phase I, but when I look at vpn tu on the CLI I see Phase II tunnels formed:


SAs of all instances:

Peer , RemoteGW1 SAs:

IKE SA <b026ba653a85f493,13cd8ad810ce962a>
1. 0x97698d60 (i: 0)
1. 0x5c3cf41e (i: 0)

Peer , RemoteGW2 SAs:

IKE SA <c33a8776de4d53f1,62554189591c0af1>
1. 0xa306b733 (i: 1)
1. 0x53ff98e0 (i: 1)


The IKE.elg also shows three messages in quick mode.


I have also cleared the tunnel down and brought it up by initiating traffic first from the local network (issuing a ping from PC1 to remote PC2) and then from the remote network (issuing a ping from remote PC2 to local PC1).


Has anyone seen this before?




33 Replies

We still have the issue too on T119 and just received a hotfix, which we will try in the coming days.

0 Kudos

Hi @_Val_ 

I spoke with VPN RnD guys about it and with EA team. It was just before my summer holiday and September so we haven't completed debug and investigation yet.

I expect soon to start up the investigation.

Best Regards

Sure, please post the results when you have them.

0 Kudos

@Kim_Moberg Hi Kim! I replied to the original issue from scottikon. I have edited my post to make it clearer. Thank you for pointing it out. Best regards, Robert

0 Kudos