Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Polina_1
Participant

Certificate VPN doesn't work

Good afternoon!
I have a problem with VPN connection with Endpoint Security VPN.
The certificate issued on EPS version 86.60 does not work on another computer with EPS version 86.60.
But this certificate works well on computer with EPS version 85.00.
Could you tell me what the problem is?

0 Kudos
10 Replies
Chris_Atkinson
Employee Employee
Employee

What type of certificate is used and what is the error that you see on the client when it doesn't work?

CCSM R77/R80/ELITE
0 Kudos
Polina_1
Participant

The type used is PKCS#12. No error messages appear when the client cannot connect to the gateway.

0 Kudos
PhoneBoy
Admin
Admin

Does it work with E85.00 and not work with E86.60 on the exact same computer?
Might need TAC to assist with this.

0 Kudos
Polina_1
Participant

Yes, this problem appears on the same computer.

0 Kudos
the_rock
Legend
Legend

As @Chris_Atkinson asked, what type of cert is it? Are we talking the actual client cert or the vpn cert on the gateway?

Andy

0 Kudos
Polina_1
Participant

The type used is PKCS#12. Employees use hardware tokens with certificates. 
We are talking about the actual client cert.

0 Kudos
Andrey_Korobko
Contributor

Hello!

Problem solved, how? We are facing a similar problem.

0 Kudos
the_rock
Legend
Legend

I would involve TAC for this.

0 Kudos
stalindelatorre
Explorer

Hi, I have the same issue with ESP 86.80 connecting to a VPN site to site on Quantum FW1595. Some computers with the same EPS work fine and others don't. The only difference I found is related to the internet provider, because some branches use different IPS for connecting to the firewall. 

Does anybody knows how to fix this?

0 Kudos
PhoneBoy
Admin
Admin

When you say "don't work" what exact symptoms and logs do you see?
The only time I've seen an issue related to ISP is when CGNAT is involved, which will sometimes change the IP during a session.
You can try forcing Visitor Mode, but I'm not sure how to do that on locally managed SMB appliances.
If centrally managed (with Smart-1), see: https://support.checkpoint.com/results/sk/sk107433 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events