starmen2000
Collaborator

DAIP Gateways unavailable problem

Hi mates,

I have an issue with a DAIP Gateway. SmartConsole does not show the gateway as online or up, but when I view the status of the DAIP with the rs_db_tool command, I can see the dynamic IP. The problem is that the SMS is trying to connect to the GW on port 18192 with no success. I do not know how to troubleshoot in this case.

0 Kudos
7 Replies
the_rock
Legend

To help us out, do you have a simple network diagram of how you are connecting all this? It would definitely make things a bit easier... just put something together in MS Paint, it's fine. Is this a regular S2S VPN tunnel?

Cheers,

Andy

0 Kudos
starmen2000
Collaborator

Hi,

I just uploaded the topology below. The S2S VPN looks down now. And the last logs from the GW nodes are from 2 days ago.

image.png

0 Kudos
the_rock
Legend

You may need to do simple vpn commands to figure out why this is the case:

vpn tu tlist

vpn tu tlist -p peer_ip

vpn debug trunc

vpn debug ikeon

-generate some traffic

vpn debug ikeoff

Then look at ike.elg, as well as the vpnd.elg* files, in the $FWDIR/log dir on the gateway.

You can also run tcpdump -enni any host peer_ip and proto 50

Replace peer_ip with an actual IP address

Cheers,

Andy

0 Kudos
starmen2000
Collaborator

But I did not get it. It is about the connection between the mgmt_srv and the GW with a dynamic IP. Why do I need to troubleshoot the S2S VPN connection between central and satellite peers?

0 Kudos
the_rock
Legend

Maybe I misunderstood. What is the exact issue here? VPN tunnel down or gateway state?

0 Kudos
starmen2000
Collaborator

In SmartConsole, the DAIP Gateway shows that the connection with the GW is lost, so the GW cannot fetch the policy from the SMS. There is a similar issue at this link: https://community.checkpoint.com/t5/Management/DAIP-gateways-with-quot-Not-available-quot-or-quot-Lo... The last log from the GW was 2 days ago.

0 Kudos
G_W_Albrecht
Legend

This is another issue - in the provided link, policy pull is successful. Consult CP TAC to get this resolved ASAP!

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
