Contributor

Protocol violation detected with protocol:(IKE Nat traversal - UDP)

Hello

We are seeing this issue, and we have a problem with VPN communication.

Do you have any idea about that?


1. SG5100: R80.10 (Take 249)

2. Topology: 3rd party VPN <--- SG5100 (bridge mode) ---> 3rd party VPN

   SG5100 is not set up for VPN. It's just a bridge-mode firewall.

3. Policy

11.PNG

4. Logs

Firewall - Protocol violation detected with protocol:(IKE Nat traversal - UDP), matched protocol sig_id:(10), violation sig_id:(20). (500)

22.PNG

6 Replies
Leader

Kim,

First of all: very interesting policy, "any => any, allow". I hope this is only for testing.

It looks like your VPN partners are not correctly following the specifications for IKE NAT-traversal.

You can try to create a new service-object with no protocol definition like this:


udp_4500.png

and use this service object in your rulebase.

Wolfgang

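Wolfgang's remark that the VPN partners may not be following the NAT-traversal specification is easiest to make concrete with the UDP/4500 framing rules of RFC 3948. This is an added example, not code from this thread or from Check Point, and it makes no claim about what sig_id 10 and 20 actually test: a small conformance classifier in Python over constructed sample packets.

```python
import struct
from dataclasses import dataclass
from typing import Optional

# RFC 3948 framing on UDP/4500 (the reference this example assumes): an IKE
# message is prefixed by a 4-byte zero "Non-ESP marker", a 1-byte 0xFF packet
# is a NAT-keepalive, and anything else is UDP-encapsulated ESP whose first
# 4 bytes are a non-zero SPI.
NON_ESP_MARKER = b"\x00\x00\x00\x00"
NAT_KEEPALIVE = b"\xff"
IKE_HEADER_FMT = "!QQBBBBII"  # ISPI, RSPI, next payload, version, exchange, flags, msg id, length
IKE_HEADER_LEN = struct.calcsize(IKE_HEADER_FMT)  # 28 bytes

@dataclass
class Verdict:
    kind: str    # "ike", "esp", "keepalive" or "violation"
    reason: str

def classify_udp4500(payload: bytes) -> Verdict:
    """Classify one UDP/4500 payload and flag framing that breaks RFC 3948."""
    if payload == NAT_KEEPALIVE:
        return Verdict("keepalive", "1-byte 0xFF NAT-keepalive")
    if payload.startswith(NON_ESP_MARKER):
        ike = payload[len(NON_ESP_MARKER):]
        if len(ike) < IKE_HEADER_LEN:
            return Verdict("violation", "Non-ESP marker followed by a truncated IKE header")
        _ispi, _rspi, _np, version, exch, _flags, msgid, length = struct.unpack(
            IKE_HEADER_FMT, ike[:IKE_HEADER_LEN])
        major = version >> 4
        if major not in (1, 2):
            return Verdict("violation", f"unknown IKE major version {major}")
        if length != len(ike):  # header length must match what is on the wire
            return Verdict("violation", f"IKE length field {length} != {len(ike)} bytes on the wire")
        return Verdict("ike", f"IKEv{major} exchange type {exch}, message id {msgid}")
    if len(payload) < 8:  # ESP needs at least SPI + sequence number
        return Verdict("violation", "too short for UDP-encapsulated ESP")
    spi = struct.unpack("!I", payload[:4])[0]
    return Verdict("esp", f"ESP SPI 0x{spi:08x}")

def ike_message(exch: int, body: bytes, version: int = 0x20, msgid: int = 0,
                length: Optional[int] = None) -> bytes:
    """Build a constructed (fake) Non-ESP-marked IKE message; `length` overrides the length field."""
    hdr_len = IKE_HEADER_LEN + len(body) if length is None else length
    hdr = struct.pack(IKE_HEADER_FMT, 0x1122334455667788, 0, 33, version, exch, 0x08, msgid, hdr_len)
    return NON_ESP_MARKER + hdr + body

# Constructed samples, not captured traffic.
GOOD_IKE = ike_message(34, b"\x00" * 8)             # IKEv2 IKE_SA_INIT with a consistent length
BAD_IKE = ike_message(34, b"\x00" * 8, length=100)  # length field disagrees with the wire
ESP_PKT = b"\x00\x00\x12\x34" + b"\x00\x00\x00\x01" + b"\xaa" * 16  # SPI 0x1234, seq 1, ciphertext

if __name__ == "__main__":
    for name, pkt in [("keepalive", NAT_KEEPALIVE), ("good_ike", GOOD_IKE), ("bad_ike", BAD_IKE), ("esp", ESP_PKT)]:
        v = classify_udp4500(pkt)
        print(f"{name:10s} -> {v.kind:10s} {v.reason}")
```

Feeding a capture of the partner's UDP/4500 traffic through a check like this shows whether the framing itself is off (for example a length field that disagrees with the datagram), which is the kind of mismatch that a protocol-signature inspection can be expected to flag even though the rule still accepts the packet.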
Contributor

Wolfgang,
Yes, "any => any, allow" is only for testing.

I created a new service object with no protocol definition, but the result was the same.

Firewall - Protocol violation detected with protocol:(IKE Nat traversal - UDP), matched protocol sig_id:(10), violation sig_id:(20). (500)

캡처.PNG

Champion

Yeah, you get an alert, but what is your issue when I see action "accept" in the log?

Contributor

G_W_Albrecht.

We have a problem with VPN communication between the 3rd-party devices.
The VPN service works without problems when the Check Point device is removed.
Contributor

I'm seeing a similar Protocol violation log, but it's for (DNS-UDP). Even though the log says "Allow" for the action, it actually causes a problem.

Not sure if the packet is dropped, but DNS did not resolve. Basically, if I do an nslookup from a client machine, I'll see a Protocol violation log coming from the internal DNS, and on the client machine the nslookup will not resolve the URL and just times out.

This doesn't always happen, though. It happens from time to time, so it's hard to replicate the issue with support on the phone. Just curious what causes it to think there's a Protocol violation?

Contributor

The temporary workaround we did was a Global Exception rule in the Inspection Settings for said traffic, while waiting on support to figure out what causes it to think there's a protocol violation.
