cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Highlighted

Cannot establish C2S VPN connection

Jump to solution

Hello guys,

I am in the middle of creation my own LAB where I need to establish VPN from Check Point SecuRemote towards my test cluster.

The issue is that I have deployed new management server (SMS) only for this purpose and till now 1 gateway which is part of cluster (second member is not yet).

I am building my LAB as VMs. Both VMs were recently installed therefore evaluation lics are in place:

I had setup all needed options to get Remote Access VPN work, but unfortunately I cannot establish VPN connection from my desktop towards cluster IP (192.168.135.100).

Some facts which are worth to mention:

1. Both VMs are R77.30 

2. I am running LAB on Windows 8.1 Pro

3. I am using Check Point VPN client version E80.85 Build 986008506

4. Site can be created, but connection using Username and Password is not possible. Following screen is visible after entered correct username and password:

5. Visitor mode has been enabled.

I also tried to do tcpdumps, enable vpn debugs, capture traffic using Wireshark, add exceptions to the ESET firewall (installed on Windows), collect logs from SecuRemote.... but to be honest, I dont see any indication what could be wrong...

So in case someone has some suggestion how to properly debug this issue, let me know and I will provide needed outputs.

Thanks for every comment.

Kind regards,
Jozko Mrkvicka
1 Solution

Accepted Solutions

Re: Cannot establish C2S VPN connection

Jump to solution

I had deep look on the issue during holiday session, and the root cause was found in Windows logs. There was error message related to the software for SmartCard reading (3rd party program). After uninstalling this program from Windows, the remote access started to work.

Not sure how it was related to the issue that I was using username and password for logging within SecuRemote. Anyway, the issue was finally solved Smiley Happy

Kind regards,
Jozko Mrkvicka
0 Kudos
5 Replies
Admin
Admin

Re: Cannot establish C2S VPN connection

Jump to solution

It would be helpful if you shared the debug you already collected.

Maybe we'll see something you didn't.

0 Kudos

Re: Cannot establish C2S VPN connection

Jump to solution

Sure, here you are.

I have used following debug commands:

vpn debug on
vpn debug ikeon
vpn debug trunc
vpn debug on TDERROR_ALL_ALL=5
fwaccel off

fw monitor -e "accept;" -o /var/log/fw_monitor.cap

In addition, I have enabled logging of client, and attached are also logs from the client. During every attempt to connect I have to shutdown whole client (and restart services in Windows) via Task Manager in Windows, because client is not responding anymore ...

I also tried some older versions of SecuRemote client which I had in hand, but it was still the same behaviour.

Kind regards,
Jozko Mrkvicka
0 Kudos
Employee+
Employee+

Re: Cannot establish C2S VPN connection

Jump to solution

I also would like to know the exact settings you have enabled for your vpn in SmartDashboard.

Make sure you have office mode disabled as SecureRemote does not support it. You also could try with Check Point Mobile for Windows, which has more features than SecuRemote. See sk67820 for different clients.

0 Kudos

Re: Cannot establish C2S VPN connection

Jump to solution

So the issue is somehow related to the Windows 8.1 Pro.

I have created new virtual machine with Windows 7 and I was able to establish VPN connection with gateway from Windows 7 VM.

Not sure what is issue with compatibility of SecuRemote client for Win 8.1 Pro.

Kind regards,
Jozko Mrkvicka

Re: Cannot establish C2S VPN connection

Jump to solution

I had deep look on the issue during holiday session, and the root cause was found in Windows logs. There was error message related to the software for SmartCard reading (3rd party program). After uninstalling this program from Windows, the remote access started to work.

Not sure how it was related to the issue that I was using username and password for logging within SecuRemote. Anyway, the issue was finally solved Smiley Happy

Kind regards,
Jozko Mrkvicka
0 Kudos