This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Jesus_Cano
Collaborator
‎2019-07-29 04:26 AM

VPN confirmation routing (sniffer)

Hi,

 

We have a VPN configured. The VPN was OK, but suddenly stop working. VPN is UP. We see in logs that the our customer traffic is "being encripted by the correct community". But in the another peer (foritgate) they don receive any traffic. 

So is there any way to check in the checkpoint that the traffic is being properly sent by the "tunnel".

We should see these icmp requests with a tcpdump?

tcpdump -any 'host 172.17.1.15'

0 Kudos
5 Replies
Tal_Paz-Fridman
MVP Silver CHKP MVP Silver CHKP
MVP Silver CHKP
‎2019-07-29 06:06 AM

Hi

Try using the command vpn tu to see the established tunnels:

Here are the options is gives:

 

********** Select Option **********

(1) List all IKE SAs
(2) * List all IPsec SAs
(3) List all IKE SAs for a given peer (GW) or user (Client)
(4) * List all IPsec SAs for a given peer (GW) or user (Client)
(5) Delete all IPsec SAs for a given peer (GW)
(6) Delete all IPsec SAs for a given User (Client)
(7) Delete all IPsec+IKE SAs for a given peer (GW)
(8) Delete all IPsec+IKE SAs for a given User (Client)
(9) Delete all IPsec SAs for ALL peers and users
(0) Delete all IPsec+IKE SAs for ALL peers and users

* To list data for a specific CoreXL instance, append "-i <instance number>" to your selection.

(Q) Quit

*******************************************

0 Kudos
Jesus_Cano
Collaborator
‎2019-07-30 12:07 AM
In response to Tal_Paz-Fridman

I reset phase 1 y phase 2 with vpn tu and the VPN is working fine.

Why the VPN goes down when not traffic is flowing and then we need to reset tunnel to go back on???

 

 

0 Kudos
Tal_Paz-Fridman
MVP Silver CHKP MVP Silver CHKP
MVP Silver CHKP
‎2019-07-30 12:11 AM
In response to Jesus_Cano

It's hard to tell why why the VPN tunnel goes down when there is no traffic.

If you are encounter it again I suggest opening a Support Request with TAC.

 

Best wishes

Tal

0 Kudos
Maarten_Sjouw
Champion
Champion
‎2019-07-30 03:52 AM
In response to Tal_Paz-Fridman

Check the re-key times at both ends and also ask them if they have enabled the "re-key every so many KBytes"option, the latter is dropping the tunnel from their end and tries to restart the tunnel but the CP side does not accept the drop of the tunnel and holds on to the old SA.
Regards, Maarten
0 Kudos
Jesus_Cano
Collaborator
‎2019-07-30 05:58 AM
In response to Maarten_Sjouw

Lifetime is the same (in seconds). Whne the issue happens, the IKE is OK:

 

Peer 82.x.x.x.x , GW-HH SAs:

IKE SA <0368bade7f351ed5,c8a7cfe223eed1f9>

IKE SA <70b5afdce3c2b4cd,d0ee1b646bc98d11>

 

But there is not phase2.

And seeing in the tunnel monitor "tunnel on gateway"in smartdasboarh, the source IP for the VPN is missing. N/A.

When we reset the tunnel with "vpn tu" the sourceIP is showed again in monitor.

  

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events