This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Atul_Sharma
Participant
‎2019-02-21 08:12 PM

VPN traffic accepted instead of being encrypted

Good Day Everyone!

We have a checkpoint gateway running R77, which has a VPN with a Cisco ASA, everything was fine until we started having latency issues.

After troubleshooting, we saw the SOME of traffic/connections which were supposed to "encrypt" was being "accept",  .i.e. being accepted and getting dropped when it reaches the ISP because of private destination IP(which is part of the remote peer encryption domain).

Taking a look at the historic logs showed us that this "accept" behaviour is seen from a long time and hasn't caused any issues until today.

Taking a look at the rule, we saw that the VPN column was set to "Any Traffic" and not to the specific VPN community.

We are thinking of adding the specific community to the VPN column to fix this(not 100% sure if this is going to work).

Could there be any other reason why this could be happening ?

3 Replies
Vladimir
Champion
Champion
‎2019-02-21 08:46 PM

Please check the "excluded services in VPN community" to see if those are present there.

Additionally, "Any" in VPN column is literally, "any, clear or encrypted".

So if your peer fail to include same networks in their encryption domain as you have defined in yours, your traffic will be sent out in clear text.

Matching specific community is a better option, IMHO.

Atul_Sharma
Participant
‎2019-02-21 08:58 PM
In response to Vladimir

Thank you for your response. we would definitely change the config and add soecific vpn community.

What i don’t understand is why certain times the same traffic is being accepted and the other times being encrypted.

accepted action means that the traffic doesnt go through the vpn and hence triggers a re-transmit and the performance issue begins.

0 Kudos
Vladimir
Champion
Champion
‎2019-02-21 09:19 PM
In response to Atul_Sharma

If this is a VPN with non-checkpoint device, the difference in how often the key exchange is happening perhaps could be a culprit.

For instance, one of the vendors supports renegotiation based on volume limit in addition to the lifetime.

the lifetimes may be out of whack and renegotiation is dependent on traffic initiated by remote VPN peer.

In this instance, once the session times out, you will be sending traffic in clear. 

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events