R80.40 RA VPN reconnecting after 15 seconds

Has anyone experienced issues with RA VPN clients (Check Point Endpoint Security) successfully connecting, and then suddenly the connection is dropped and reconnecting starts after 15 seconds? After the RA VPN session reconnects, the same problem repeats over and over again.

I have a 5600 cluster with Gaia R80.40 and I have found the following in my SmartConsole logs:

 

tunnel_test (UDP/18234)   tunnel_test Traffic dropped from 172.16.10.7 to <cluster_public_IP>

where 172.16.10.7 is an IP address assigned to a VPN client from my Office Pool

I have tried tcpdump on my gateway and found that the following 5 packets are received on the gateway before the connection is dropped:

11:41:15.294804 IP <router-address>.61852 > <cluster-address>.ipsec-nat-t: UDP-encap: ESP(spi=0x5c067c2e,seq=0x3), length 76
11:41:17.753991 IP <router-address>.61852 > <cluster-address>.ipsec-nat-t: UDP-encap: ESP(spi=0x5c067c2e,seq=0x4), length 76
11:41:20.559832 IP <router-address>.61852 > <cluster-address>.ipsec-nat-t: UDP-encap: ESP(spi=0x5c067c2e,seq=0x5), length 76
11:41:23.168907 IP <router-address>.61852 > <cluster-address>.ipsec-nat-t: UDP-encap: ESP(spi=0x5c067c2e,seq=0x6), length 76
11:41:25.609312 IP <router-address>.61852 > <cluster-address>.ipsec-nat-t: UDP-encap: ESP(spi=0x5c067c2e,seq=0x7), length 76
11:41:27.640155 IP <router-address>.61852 > <cluster-address>.ipsec-nat-t: UDP-encap: ESP(spi=0x5c067c2e,seq=0x8), length 76

where my endpoint client is NATed behind the router's public IP. I believe my 5600 gateway is not responding to UDP tunnel keepalive traffic, so it gets disconnected after 15 seconds. I am not sure where to look for such an option. I already enabled NAT-T traversal, but it did make any change.

Does someone have some suggestions what I should check?

Accepted Solutions
I have just found out that my anti-spoofing rules on the external interface blocked my RA VPN sessions.

I believe my topology is not well formed; after I disabled the Anti-spoofing rule, RA VPN is working normally.

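The capture posted in the question shows ESP-in-UDP packets in one direction only, from the NAT router to the cluster. As an added example (not part of the thread), this Python sketch parses tcpdump lines in that format and reports, per direction, the packet count, sequence range, timing and whether any reply direction was captured; the function names are hypothetical and the sample input is the capture from the question with the poster's placeholders.

```python
import re
from collections import defaultdict

# Matches tcpdump lines such as the ones in the question (NAT-T encapsulated ESP).
LINE = re.compile(r"^(\d\d):(\d\d):(\d\d\.\d+) IP (\S+)\.([\w-]+) > (\S+)\.([\w-]+): "
                  r"UDP-encap: ESP\(spi=(0x[0-9a-f]+),seq=(0x[0-9a-f]+)\)")

# Capture lines copied from the question; addresses are the poster's placeholders.
CAPTURE = """\
11:41:15.294804 IP <router-address>.61852 > <cluster-address>.ipsec-nat-t: UDP-encap: ESP(spi=0x5c067c2e,seq=0x3), length 76
11:41:17.753991 IP <router-address>.61852 > <cluster-address>.ipsec-nat-t: UDP-encap: ESP(spi=0x5c067c2e,seq=0x4), length 76
11:41:20.559832 IP <router-address>.61852 > <cluster-address>.ipsec-nat-t: UDP-encap: ESP(spi=0x5c067c2e,seq=0x5), length 76
11:41:23.168907 IP <router-address>.61852 > <cluster-address>.ipsec-nat-t: UDP-encap: ESP(spi=0x5c067c2e,seq=0x6), length 76
11:41:25.609312 IP <router-address>.61852 > <cluster-address>.ipsec-nat-t: UDP-encap: ESP(spi=0x5c067c2e,seq=0x7), length 76
11:41:27.640155 IP <router-address>.61852 > <cluster-address>.ipsec-nat-t: UDP-encap: ESP(spi=0x5c067c2e,seq=0x8), length 76
"""

def parse(capture):
    """Return a list of (seconds_since_midnight, src, dst, spi, seq) tuples."""
    packets = []
    for line in capture.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip anything that is not a UDP-encapsulated ESP line
        h, mi, s, src, _sport, dst, _dport, spi, seq = m.groups()
        ts = int(h) * 3600 + int(mi) * 60 + float(s)
        packets.append((ts, src, dst, spi, int(seq, 16)))
    return packets

def summarize(packets):
    """Per (src, dst) direction: count, seq range, time span, mean gap, reply seen."""
    flows = defaultdict(list)
    for ts, src, dst, _spi, seq in packets:
        flows[(src, dst)].append((ts, seq))
    report = {}
    for (src, dst), pkts in flows.items():
        times = [t for t, _ in pkts]
        gaps = [b - a for a, b in zip(times, times[1:])]
        report[(src, dst)] = {
            "count": len(pkts),
            "seq": (pkts[0][1], pkts[-1][1]),
            "span": round(times[-1] - times[0], 3),
            "mean_gap": round(sum(gaps) / len(gaps), 3) if gaps else None,
            "reply_seen": (dst, src) in flows,  # False means one-way traffic only
        }
    return report

if __name__ == "__main__":
    for flow, stats in summarize(parse(CAPTURE)).items():
        print(flow, stats)
```

A direction with `reply_seen` false while the client keeps retransmitting is the cue to look at the gateway's drop logs for that source, which is where the anti-spoofing drop in this thread showed up.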