Blason_R
Leader

Site-to-site VPN stops in between - What other debug should be collected?

Hi Team,

So I have S2S with AWS, and internally I have 12000 series devices with R80.20. Recently we established a tunnel with AWS; however, what we noticed is that the traffic works fine for a certain time and then just stops in between. If I do vpn tu and delete the IKE SA, the traffic starts again for some time, and then the same behaviour occurs after that.

I took a vpn debug and, for testing purposes, I disabled vpn accel for that particular VPN peer IP. However, the issue still persists.

Anything else that needs to be looked at?

One thing I noticed is that when this issue happens, multiple IKE SAs are seen for Phase-1.

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
0 Kudos
4 Replies
Timothy_Hall
Legend

Make sure your VPN Tunnel Sharing setting is "one VPN tunnel per gateway pair", due to this:

sk113561: VPN Tunnel to Amazon Web Services (AWS) is unstable

Also make sure that the IKE and IPSec renegotiate lifetimes on the Advanced VPN Properties screen match those on the AWS side.

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos
Blason_R
Leader

Hi,

Probably that could be - Thanks for pointing this out. Let me make the changes and see.

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
0 Kudos
Blason_R
Leader

Still no luck with this. vpnd.elg shows nothing.

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
0 Kudos
Timothy_Hall
Legend

Assuming you have followed the steps in this SK, it is probably time to engage the TAC:

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

 

 

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos
