This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Blason_R
Leader
Leader
‎2020-06-18 03:05 AM

site-to-site vpn stops in between - What other debug should be collected?

Hi Team,

So I have S2S with AWS and internally I have 12000 series devices with R80.20. Recently we established tunnel with AWS however what we noticed is the traffic works fine for certain time while it just stops in between then if I do vpn tu and delete the IKE SA the traffic starts again for some time and same behaviour after that.

I took a vpn debug and for testing purpose I disabled vpn accel for that particular vpn peer IP. However the issue still persists.

Anything else that needs to be looked at?

One thing I noticed is when this issue happens multiple IKE SA are seen for Phase-1.

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
0 Kudos
4 Replies
Timothy_Hall
Legend Legend
Legend
‎2020-06-18 04:40 AM

Make sure your VPN Tunnel Sharing setting is "one VPN tunnel per gateway pair", due to this:

sk113561: VPN Tunnel to Amazon Web Services (AWS) is unstable

Also make sure that the IKE and IPSec renegotiate lifetimes on the Advanced VPN Properties screen match those on the AWS side.

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos
Blason_R
Leader
Leader
‎2020-06-18 05:32 AM
In response to Timothy_Hall

Hi,

Probably that could be - Thanks for pointing this out. Let me make the changes and see.

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
0 Kudos
Blason_R
Leader
Leader
‎2020-06-18 09:54 PM
In response to Blason_R

Still no luck with this. vpnd.elg show nothing.

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
0 Kudos
Timothy_Hall
Legend Legend
Legend
‎2020-06-19 06:00 AM
In response to Blason_R

Assuming you have followed the steps in this SK, it is probably time to engage the TAC:

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

 

 

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events