N8VES
Explorer

Can't remote VPN into 1570 Appliance

I have a locally managed 1570 appliance running R80.20.15 (992001682). I have it properly set up for remote access both with the Checkpoint VPN software and for L2TP. NO ONE can VPN into it either with the Checkpoint software or through L2TP. They have the correct IP address and proper username and passwords. It just rejects any connection. I have already backed up the configurations and am ready to do the auto upgrade to R81. Will that solve the remote access issues we are having or is this some other problem? We have several users that would like to work occasionally from home and this has been a thorn in our side for some time now.


0 Kudos
11 Replies
N8VES
Explorer

Tried to VPN in again today at my home. I downloaded E86.20 and just set it up with the default settings. I made a new connection with the correct IP address. I can connect with my user name and password... for about 20 seconds. It then disconnects and reconnects for another 20 seconds and then disconnects. During that 20 seconds I cannot connect to or even see any computer on my work network. Not even the server. L2TP? Forget it. It flat out rejects any connection. Any suggestions?

0 Kudos
N8VES
Explorer

I uninstalled E86.20 and then installed E87.50 just to see if the upgraded software would work. Same thing. I connect for 20 seconds and then get booted off. Why won't this work? There is a VPN tunnel set up between our plant and the Corporate office in another state. That tunnel works because we can access the SAP server at the Corporate office. So why can't users get in?

0 Kudos
Chris_Atkinson
Employee

What client side logs/errors do you see?

How is the encryption domain configured, specifically how does the VPN IP pool (office mode range) relate to other internal networks?

Why R80.20.15 and not something much more recent?

sk165734: R80.20.x Firmware Releases

sk179615: R81.10.x Firmware Releases 

CCSM R77/R80/ELITE
0 Kudos
N8VES
Explorer

Nothing seems to be wrong with our domain. Users can navigate the network internally just fine. Our IP phone network also works without a problem. Just standard domain settings. This became a problem about six months after we suffered a ransomware attack. We wiped everything and started over. Been dealing with this VPN issue since. As far as R80.20.15 goes, if it works, DON'T F#$% WITH IT. I haven't upgraded to the latest firmware because we have a VPN tunnel to our corporate office - it works fine. I can't afford to lose that connection. If the upgrade breaks it, I'll play hell trying to get it set up again. Red tape headaches...

0 Kudos
Chris_Atkinson
Employee

Understand the thought process there but please note support for R80.20.x ends later this month so at some point you'll have to rely on grabbing a backup and attempting the upgrade.

https://www.checkpoint.com/support-services/support-life-cycle-policy/

CCSM R77/R80/ELITE
0 Kudos
N8VES
Explorer

Yeah I know about the EOL of 80.20.x. I do have a backup of the configs. Did that on Friday. Where do I find the Client logs on the remote PC? I found the Checkpoint folder in Program Files (X86). Didn't see anything that looked like a log file.

0 Kudos
Chris_Atkinson
Employee

Take a look at sk169258 for the VPN client logs

CCSM R77/R80/ELITE
0 Kudos
N8VES
Explorer

OOOOOOKAAAAY... I'll have to try and log in again tonight to see the logs, since I didn't set it up beforehand. In the meantime.... I'll get with Corporate IT and find out the passkey for the VPN Tunnel and then do the instant upgrade option in the firewall to get the latest firmware. I'll let you know more tomorrow how it went.

0 Kudos
G_W_Albrecht
Legend

Do an RA VPN debug (sk62482: How to debug VPN issues on Quantum Spark (SMB) Appliances, and SMB VPN Debugs) or consult CP TAC!

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
N8VES
Explorer

I was hoping I wouldn't have to do anything in CLI. I'm not the greatest typist and ya hafta be extra aware of what you are doing in the CLI. You can screw a lot up if yer not careful. I'll have to get the CLI driver stuff from Checkpoint and then follow the steps in SK62482. Before I do that, I'll just go ahead and do the firmware upgrade and test it out again (with logging enabled). We'll see how far I get....

0 Kudos
G_W_Albrecht
Legend

You can contact TAC and let CP resolve the issue.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
