This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
XBensemhoun
Employee
Employee
‎2021-08-24 06:13 AM

Avoid idle timeout of VPN session on endpoint remote access VPN client

Hi,

Is there any further required steps (than the configuration described below) to establish always-on VPN connection from an endpoint client when the Windows' user session is locked after a certain time?

Configuration:

  • Endpoint version: E84.40
  • Authentication by certificate
  • Global Properties - connect mode at Always connect
    • which is confirmed on the client side: "always connected" is checked and greyed
  • save_cli_credentials_for_ATM at true
  • automatic_capi_reauthentication at true

Errors:

[ 7516 7624][23 Aug 22:29:51][TR_EVENTS] TR_EVENTS::Raise: No registered cbs for event 2153254

[ 7516 7624][23 Aug 22:29:52][IKE_SEC_ASSOC] IkeSecAssoc::Timeout:SA with cookies = 44e58930ccbccb4b 25f3509dd3ee99d0 is calling its SAExpiryHandler - needs to be killed

[ 7516 7624][23 Aug 22:29:52][IKE_SA_DB] Adding SA for cookies:  44e58930ccbccb4b 25f3509dd3ee99d0

[ 7516 7624][23 Aug 22:29:52][IKE_SA_DB] ClientSADB::remove : , removed from the ClientSADB

[ 7516 7624][23 Aug 22:29:52][IKE] IkeTunnel::IkeSAExpired: removed SA with Cookies = 44e58930ccbccb4b 25f3509dd3ee99d0

[ 7516 7624][23 Aug 22:29:52][rais] [DEBUG] [RaisMessages::CreateMessageSet(s)] message: (msg_obj

                :format (1.0)

                :id (ClipsMessagesAuthExpired)

                :def_msg ("Authentication expired")

                :arguments ()

)

7516 7624][23 Aug 22:29:53][TR_AUTH_MANAGER] TrAuthenticationManager::AbortAuthRequest: __start__ 22:29:53.280

[ 7516 7624][23 Aug 22:29:53][TR_AUTH_MANAGER] TrCredKey::TrCredKey: creating credKey

[ 7516 7624][23 Aug 22:29:53][TR_AUTH_MANAGER] TrAuthCache::GetSiteAuthReq: entering - item (gw = <GW name>, authMethod=certificate, realmId=vpn_Personal_Certificate)

[ 7516 7624][23 Aug 22:29:53][TR_AUTH_MANAGER] TR_AUTH_MANAGER::TrAuthenticationManager::AbortAuthRequest: Failed to find request to abort, (gw = <GW name>, authMethod=certificate, realmId=vpn_Personal_Certificate)

[ 7516 7624][23 Aug 22:29:53][TR_AUTH_MANAGER] TrAuthenticationManager::AbortAuthRequest: __end__ 22:29:53.280. Total time - 0 milliseconds

[ 7516 7624][23 Aug 22:29:53][TR_FLOW_STEP] TR_FLOW_STEP::TrConnEngineConnectStep::Cancel: Sending disconnect to GW

[ 7516 7624][23 Aug 22:29:53][tunnel] IkeV1Tunnel::cancel_connect: started

[ 7516 7624][23 Aug 22:29:53][tunnel] IkeV1Tunnel::notifyGwSADeletion: started

Information Security enthusiast, CISSP, CCSP
0 Kudos
0 Replies

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events