This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
julian8c
Explorer
‎2024-04-16 06:29 PM

Endpoint E84: No response from gateway for 1st packet (RST packet) from office internet connection

Hi,

 

A customer give access to an Checkpoint VPN and it works properly when i am at home; however in my office it shows an error: No response from gateway for 1st packet.

 

Screenshot 2024-04-16 200104_2.png

 

All my partners have the same issue when they are in the office, so we realized it is a general problem in the office. Checking the checkpoint log we found there is a problem in the IKE first phase and it always get a timeout. We don't know if it is related to router in the middle, some firewall or the customer doesn't allow connection from our office public IP.

 

[ 4024 5044][13 Apr 18:57:09][IKE] **** create_MM1: Create packet 1

[ 4024 5044][13 Apr 18:57:09][IKE] **** <user-name-password, 28800 secs>

[ 4024 5044][13 Apr 18:57:09][IKE] append_payload: IkePacket::add: Add 1st payload (Security Association)

[ 4024 5044][13 Apr 18:57:09][IKE] Opaque_PayloadHolder::Opaque_PayloadHolder[create]: length 0

[ 4024 5044][13 Apr 18:57:09][IKE] append_payload: Add 2th payload (Vendor ID)

[ 4024 5044][13 Apr 18:57:09][IKE] Opaque_PayloadHolder::Opaque_PayloadHolder[create]: length 0

[ 4024 5044][13 Apr 18:57:09][IKE] append_payload: Add 3th payload (Vendor ID)

[ 4024 5044][13 Apr 18:57:09][IKE] create_MM1: multi_realms is enabled.

[ 4024 5044][13 Apr 18:57:09][IKE] create_MM1: machine authentication is enabled.

[ 4024 5044][13 Apr 18:57:09][IKE] Opaque_PayloadHolder::Opaque_PayloadHolder[create]: length 0

[ 4024 5044][13 Apr 18:57:09][IKE] append_payload: Add 4th payload (Vendor ID)

[ 4024 5044][13 Apr 18:57:09][ike_transport] IkeTransport::setIkeCacheTimeout: setting ike_cache_timeout to 0

[ 4024 5044][13 Apr 18:57:09][ike_transport] IkeTransport::setIkeCacheTimeout: setting ike_cache_timeout to 0

[ 4024 5044][13 Apr 18:57:09][transport] AutoDetect_Transport::IkeT_PacketSend: start...

[ 4024 5044][13 Apr 18:57:09][SALSOCKET] SALGetContext_UM: Enter

[ 4024 5044][13 Apr 18:57:09][SALSOCKET] SALGetContext_UM: Exit

[ 4024 5044][13 Apr 18:57:09][transport] TCPT_Transport::send_data sending 808 bytes for application 2

[ 4024 5044][13 Apr 18:57:09][SALSOCKET] SALSend_WSA: is not supported.

[ 4024 5044][13 Apr 18:57:09][SALSOCKET] SALSend_UM: Enter

[ 4024 5044][13 Apr 18:57:09][fwasync] fwasync_do_mux_out: 2700: sent 0 of 816 bytes == 816 bytes to send

[ 4024 5044][13 Apr 18:57:09][fwasync] fwasync_do_mux_out: 2700: managed to send 816 of 816 bytes

[ 4024 5044][13 Apr 18:57:09][fwasync] fwasync_do_mux_out: 2700: call: 5854f0 with 0

[ 4024 5044][13 Apr 18:57:09][SALSOCKET] SALConnHandler: Enter

[ 4024 5044][13 Apr 18:57:09][SALSOCKET] SALConnHandler: previous sent was completed.

[ 4024 5044][13 Apr 18:57:09][SALSOCKET] SALConnHandler: Exit

[ 4024 5044][13 Apr 18:57:09][fwasync] fwasync_do_mux_out: 2700: rc=1, next: 5854f0 with 0, req: 65536r, 0w

[ 4024 5044][13 Apr 18:57:09][SALSOCKET] SALSend_UM: Exit

[ 4024 5044][13 Apr 18:57:09][tunnel] [INFO] [IkeV1Tunnel::start_ike_neg] (0x02A9EED0): Started Main Mode (1st packet sent)

[ 4024 5044][13 Apr 18:57:09][tunnel] [COVERAGE] [IkeV1Tunnel::start_ike_neg] (0x02A9EED0): __end__ Total: 2 milliseconds.

[ 4024 5044][13 Apr 18:57:09][transport] TCPT_Handler::IkeT_ReceivedConnect: __end__ 18:57:9.779. Total time - 2 milliseconds

[ 4024 5044][13 Apr 18:57:09][ike_transport] IkeTransport::IkeT_NotifyConnect: __end__ 18:57:9.779. Total time - 2 milliseconds

[ 4024 5044][13 Apr 18:57:09][esp_transport] EspTransport::EspT_NotifyConnect: __start__ 18:57:9.779

[ 4024 5044][13 Apr 18:57:09][transport] TCPT_Handler::EspT_ReceivedConnect: __start__ 18:57:9.779

[ 4024 5044][13 Apr 18:57:09][MessageLoop] MessageLoop::MessageLoop::DeschedCB: entering.

[ 4024 5044][13 Apr 18:57:09][transport] TCPT_Handler::EspT_ReceivedConnect: NAT-T is already used as esp transport

[ 4024 5044][13 Apr 18:57:09][transport] TCPT_Handler::EspT_ReceivedConnect: __end__ 18:57:9.779. Total time - 0 milliseconds

[ 4024 5044][13 Apr 18:57:09][esp_transport] EspTransport::EspT_NotifyConnect: __end__ 18:57:9.779. Total time - 0 milliseconds

[ 4024 5044][13 Apr 18:57:09][MessageLoop] MessageLoop::MessageLoop::DeschedCB: entering.

[ 4024 5044][13 Apr 18:57:09][transport] TCPT_Transport::notifyConnect: __end__ 18:57:9.779. Total time - 2 milliseconds

[ 4024 5044][13 Apr 18:57:09][SALSOCKET] SALConnHandler: Exit

[ 4024 5044][13 Apr 18:57:09][fwasync] fwasync_do_mux_in: 2700: rc=1, next: 5854f0 with 0, req: 65536r, 0w

[ 4024 5044][13 Apr 18:57:15][tunnel] [COVERAGE] [IkeV1Tunnel::deregistered_injector] (0x02A9EED0): __start__

[ 4024 5044][13 Apr 18:57:15][tunnel] [COVERAGE] [IkeV1Tunnel::deregistered_injector] (0x02A9EED0): Injector 0x02BFDA78 deregistered

[ 4024 5044][13 Apr 18:57:15][tunnel] [COVERAGE] [IkeV1Tunnel::deregistered_injector] (0x02A9EED0): Deregistered 1st response timeout injector 0x02BFDA78

[ 4024 5044][13 Apr 18:57:15][tunnel] [COVERAGE] [IkeV1Tunnel::deregistered_injector] (0x02A9EED0): __end__ Total: 0 milliseconds.

[ 4024 5044][13 Apr 18:57:15][tunnel] Injector::timeout: inject event @02c415f8

[ 4024 5044][13 Apr 18:57:15][negs] [COVERAGE] [Negotiation::process_event] (0x02C3FAE8): __start__

[ 4024 5044][13 Apr 18:57:15][IKE] TimeoutEventHandler: Got Timeout event #1001

[ 4024 5044][13 Apr 18:57:15][IKE] Set ClipsMessage = 46128096

[ 4024 5044][13 Apr 18:57:15][rais] [DEBUG] [RaisMessages::CreateMessageSet(s)] message: (msg_obj

 :format (1.0)

 :id (ClipsMessagesConnTimedOut1Pkt)

 :def_msg ()

 :arguments ()

)

 

[ 4024 5044][13 Apr 18:57:15][IKE] Set log message "No response from gateway for 1st packet"

 

we run a Wireshark sniffer and we found that the VPN server always sent an RST message during the first IKE phase (please check the attachment), could it be a proof the VPN server is blocking the office public IP?

 

 

Thanks for your help,

 

Julian8c

Preview file
72 KB
0 Kudos
0 Replies

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events