Advisor

site-to-site vpn stops in between - What other debug should be collected?

Hi Team,

So I have S2S with AWS, and internally I have 12000 series devices with R80.20. Recently we established a tunnel with AWS; however, what we noticed is that the traffic works fine for a certain time and then just stops in between. If I do vpn tu and delete the IKE SA, the traffic starts again for some time, and then the same behaviour repeats.

I took a vpn debug and, for testing purposes, I disabled vpn accel for that particular vpn peer IP. However, the issue still persists.

Anything else that needs to be looked at?

One thing I noticed is that when this issue happens, multiple IKE SAs are seen for Phase-1.

Champion

Make sure your VPN Tunnel Sharing setting is "one VPN tunnel per gateway pair", due to this:

sk113561: VPN Tunnel to Amazon Web Services (AWS) is unstable

Also make sure that the IKE and IPSec renegotiate lifetimes on the Advanced VPN Properties screen match those on the AWS side.

Gaia 3.10 Immersion Self-paced Video Series
now available at http://www.maxpowerfirewalls.com
Advisor

Hi,

Probably that could be it. Thanks for pointing this out. Let me make the changes and see.

Advisor

Still no luck with this. vpnd.elg shows nothing.

Champion

Assuming you have followed the steps in this SK, it is probably time to engage the TAC:

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
