julian8c
Explorer

Endpoint E84: No response from gateway for 1st packet (RST packet) from office internet connection

Hi,

 

A customer gave access to a Check Point VPN and it works properly when I am at home; however, in my office it shows an error: No response from gateway for 1st packet.

 

Screenshot 2024-04-16 200104_2.png

 

All my partners have the same issue when they are in the office, so we realized it is a general problem in the office. Checking the Check Point log, we found there is a problem in the IKE first phase and it always gets a timeout. We don't know if it is related to a router in the middle, some firewall, or the customer not allowing connections from our office public IP.

 

[ 4024 5044][13 Apr 18:57:09][IKE] **** create_MM1: Create packet 1

[ 4024 5044][13 Apr 18:57:09][IKE] **** <user-name-password, 28800 secs>

[ 4024 5044][13 Apr 18:57:09][IKE] append_payload: IkePacket::add: Add 1st payload (Security Association)

[ 4024 5044][13 Apr 18:57:09][IKE] Opaque_PayloadHolder::Opaque_PayloadHolder[create]: length 0

[ 4024 5044][13 Apr 18:57:09][IKE] append_payload: Add 2th payload (Vendor ID)

[ 4024 5044][13 Apr 18:57:09][IKE] Opaque_PayloadHolder::Opaque_PayloadHolder[create]: length 0

[ 4024 5044][13 Apr 18:57:09][IKE] append_payload: Add 3th payload (Vendor ID)

[ 4024 5044][13 Apr 18:57:09][IKE] create_MM1: multi_realms is enabled.

[ 4024 5044][13 Apr 18:57:09][IKE] create_MM1: machine authentication is enabled.

[ 4024 5044][13 Apr 18:57:09][IKE] Opaque_PayloadHolder::Opaque_PayloadHolder[create]: length 0

[ 4024 5044][13 Apr 18:57:09][IKE] append_payload: Add 4th payload (Vendor ID)

[ 4024 5044][13 Apr 18:57:09][ike_transport] IkeTransport::setIkeCacheTimeout: setting ike_cache_timeout to 0

[ 4024 5044][13 Apr 18:57:09][ike_transport] IkeTransport::setIkeCacheTimeout: setting ike_cache_timeout to 0

[ 4024 5044][13 Apr 18:57:09][transport] AutoDetect_Transport::IkeT_PacketSend: start...

[ 4024 5044][13 Apr 18:57:09][SALSOCKET] SALGetContext_UM: Enter

[ 4024 5044][13 Apr 18:57:09][SALSOCKET] SALGetContext_UM: Exit

[ 4024 5044][13 Apr 18:57:09][transport] TCPT_Transport::send_data sending 808 bytes for application 2

[ 4024 5044][13 Apr 18:57:09][SALSOCKET] SALSend_WSA: is not supported.

[ 4024 5044][13 Apr 18:57:09][SALSOCKET] SALSend_UM: Enter

[ 4024 5044][13 Apr 18:57:09][fwasync] fwasync_do_mux_out: 2700: sent 0 of 816 bytes == 816 bytes to send

[ 4024 5044][13 Apr 18:57:09][fwasync] fwasync_do_mux_out: 2700: managed to send 816 of 816 bytes

[ 4024 5044][13 Apr 18:57:09][fwasync] fwasync_do_mux_out: 2700: call: 5854f0 with 0

[ 4024 5044][13 Apr 18:57:09][SALSOCKET] SALConnHandler: Enter

[ 4024 5044][13 Apr 18:57:09][SALSOCKET] SALConnHandler: previous sent was completed.

[ 4024 5044][13 Apr 18:57:09][SALSOCKET] SALConnHandler: Exit

[ 4024 5044][13 Apr 18:57:09][fwasync] fwasync_do_mux_out: 2700: rc=1, next: 5854f0 with 0, req: 65536r, 0w

[ 4024 5044][13 Apr 18:57:09][SALSOCKET] SALSend_UM: Exit

[ 4024 5044][13 Apr 18:57:09][tunnel] [INFO] [IkeV1Tunnel::start_ike_neg] (0x02A9EED0): Started Main Mode (1st packet sent)

[ 4024 5044][13 Apr 18:57:09][tunnel] [COVERAGE] [IkeV1Tunnel::start_ike_neg] (0x02A9EED0): __end__ Total: 2 milliseconds.

[ 4024 5044][13 Apr 18:57:09][transport] TCPT_Handler::IkeT_ReceivedConnect: __end__ 18:57:9.779. Total time - 2 milliseconds

[ 4024 5044][13 Apr 18:57:09][ike_transport] IkeTransport::IkeT_NotifyConnect: __end__ 18:57:9.779. Total time - 2 milliseconds

[ 4024 5044][13 Apr 18:57:09][esp_transport] EspTransport::EspT_NotifyConnect: __start__ 18:57:9.779

[ 4024 5044][13 Apr 18:57:09][transport] TCPT_Handler::EspT_ReceivedConnect: __start__ 18:57:9.779

[ 4024 5044][13 Apr 18:57:09][MessageLoop] MessageLoop::MessageLoop::DeschedCB: entering.

[ 4024 5044][13 Apr 18:57:09][transport] TCPT_Handler::EspT_ReceivedConnect: NAT-T is already used as esp transport

[ 4024 5044][13 Apr 18:57:09][transport] TCPT_Handler::EspT_ReceivedConnect: __end__ 18:57:9.779. Total time - 0 milliseconds

[ 4024 5044][13 Apr 18:57:09][esp_transport] EspTransport::EspT_NotifyConnect: __end__ 18:57:9.779. Total time - 0 milliseconds

[ 4024 5044][13 Apr 18:57:09][MessageLoop] MessageLoop::MessageLoop::DeschedCB: entering.

[ 4024 5044][13 Apr 18:57:09][transport] TCPT_Transport::notifyConnect: __end__ 18:57:9.779. Total time - 2 milliseconds

[ 4024 5044][13 Apr 18:57:09][SALSOCKET] SALConnHandler: Exit

[ 4024 5044][13 Apr 18:57:09][fwasync] fwasync_do_mux_in: 2700: rc=1, next: 5854f0 with 0, req: 65536r, 0w

[ 4024 5044][13 Apr 18:57:15][tunnel] [COVERAGE] [IkeV1Tunnel::deregistered_injector] (0x02A9EED0): __start__

[ 4024 5044][13 Apr 18:57:15][tunnel] [COVERAGE] [IkeV1Tunnel::deregistered_injector] (0x02A9EED0): Injector 0x02BFDA78 deregistered

[ 4024 5044][13 Apr 18:57:15][tunnel] [COVERAGE] [IkeV1Tunnel::deregistered_injector] (0x02A9EED0): Deregistered 1st response timeout injector 0x02BFDA78

[ 4024 5044][13 Apr 18:57:15][tunnel] [COVERAGE] [IkeV1Tunnel::deregistered_injector] (0x02A9EED0): __end__ Total: 0 milliseconds.

[ 4024 5044][13 Apr 18:57:15][tunnel] Injector::timeout: inject event @02c415f8

[ 4024 5044][13 Apr 18:57:15][negs] [COVERAGE] [Negotiation::process_event] (0x02C3FAE8): __start__

[ 4024 5044][13 Apr 18:57:15][IKE] TimeoutEventHandler: Got Timeout event #1001

[ 4024 5044][13 Apr 18:57:15][IKE] Set ClipsMessage = 46128096

[ 4024 5044][13 Apr 18:57:15][rais] [DEBUG] [RaisMessages::CreateMessageSet(s)] message: (msg_obj

 :format (1.0)

 :id (ClipsMessagesConnTimedOut1Pkt)

 :def_msg ()

 :arguments ()

)

 

[ 4024 5044][13 Apr 18:57:15][IKE] Set log message "No response from gateway for 1st packet"

 

We ran a Wireshark sniffer and found that the VPN server always sent an RST message during the first IKE phase (please check the attachment). Could it be proof that the VPN server is blocking the office public IP?

 

 

Thanks for your help,

 

Julian8c

0 Kudos
0 Replies
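
An added example, not part of the original post and not Check Point tooling: a small Python parser that reduces a client trace like the one above to the transport named in the log, whether the first Main Mode packet fully left the client, and how long the client waited before the timeout. The sample lines are copied from the post; the function and field names are assumptions made for this example.

```python
import re
from datetime import datetime

# Sample input: six lines copied from the trace in the post above.
SAMPLE = """\
[ 4024 5044][13 Apr 18:57:09][IKE] **** create_MM1: Create packet 1
[ 4024 5044][13 Apr 18:57:09][transport] TCPT_Transport::send_data sending 808 bytes for application 2
[ 4024 5044][13 Apr 18:57:09][fwasync] fwasync_do_mux_out: 2700: managed to send 816 of 816 bytes
[ 4024 5044][13 Apr 18:57:09][tunnel] [INFO] [IkeV1Tunnel::start_ike_neg] (0x02A9EED0): Started Main Mode (1st packet sent)
[ 4024 5044][13 Apr 18:57:15][IKE] TimeoutEventHandler: Got Timeout event #1001
[ 4024 5044][13 Apr 18:57:15][IKE] Set log message "No response from gateway for 1st packet"
"""

# [pid tid][day month time][topic] message
LINE = re.compile(r"^\[\s*\d+\s+\d+\]\[(\d+ \w+ [\d:]+)\]\[(\w+)\]\s*(.*)$")

def parse(text):
    """Yield (timestamp, topic, message); blank and continuation lines are skipped."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            # The trace has no year; a fixed leap year keeps time deltas valid.
            ts = datetime.strptime("2000 " + m.group(1), "%Y %d %b %H:%M:%S")
            yield ts, m.group(2), m.group(3)

def summarize(text):
    """Reduce a trace to the facts that matter for a first-packet timeout."""
    s = {"transport": None, "bytes_sent": None, "mm1_sent": None,
         "timeout_at": None, "error": None, "wait_seconds": None}
    for ts, _topic, msg in parse(text):
        if m := re.match(r"(\w+)_Transport::send_data sending \d+ bytes", msg):
            s["transport"] = m.group(1)
        elif m := re.search(r"managed to send (\d+) of (\d+) bytes", msg):
            s["bytes_sent"] = (int(m.group(1)), int(m.group(2)))
        elif "Started Main Mode (1st packet sent)" in msg:
            s["mm1_sent"] = ts
        elif "Got Timeout event" in msg:
            s["timeout_at"] = ts
        elif m := re.search(r'Set log message "(.*)"', msg):
            s["error"] = m.group(1)
    if s["mm1_sent"] and s["timeout_at"]:
        s["wait_seconds"] = (s["timeout_at"] - s["mm1_sent"]).total_seconds()
    # True when the local send completed in full and the IKE layer still timed out.
    s["sent_ok_no_reply"] = (s["bytes_sent"] is not None
        and s["bytes_sent"][0] == s["bytes_sent"][1] and s["timeout_at"] is not None)
    return s
```

Running `summarize` on a trace captured at home and one captured at the office gives two small dictionaries that can be compared field by field alongside the packet capture.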
