TecniSupp
Explorer

QS 1530 Appliance IPSec test failing all the time

Hello,

 

I'm having this strange issue. I have an IPSec tunnel working ok, all the encrypted domains of this VPN are able to communicate.

But what is strange is that when I try to test the tunnel it always fails...

 

I've attached a screenshot of it.

 

Only one site is using Checkpoint.

0 Kudos
6 Replies
Chris_Atkinson
Employee

To help correlate with any potential known issues could you please confirm the firmware version/build?

CCSM R77/R80/ELITE
0 Kudos
TecniSupp
Explorer

I installed the latest firmware yesterday.

R81.10.10 (996002906)

It looks like the firewall is testing the tunnel with a route that isn't from the IPSec tunnel.

0 Kudos
TecniSupp
Explorer

Updated yesterday to the latest firmware.

R81.10.10 (996002906)

0 Kudos
G_W_Albrecht
Legend

Is the tunnel initiated from the peer GW? There are configurations that only work this way, and here the tunnel test will fail as the peer must initiate the VPN...

 

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
TecniSupp
Explorer

No, it starts from the Checkpoint.

I also have a router 1st and the checkpoint next, so my checkpoint is in NAT.

0 Kudos
TecniSupp
Explorer

So it needs to be initiated by the peer for the tunnel test to work? It doesn't make sense to me.

The test must be using ping to check the connection. One thing that I've noticed is that even the ping tool won't ping the other side. Also, when I try to configure a DC on the Checkpoint, it won't let me finish the configuration; it fails with a communication error.

Checkpoint must be using an IP that is not in the local encryption domain, and that is why it fails. This is my guess.

 

0 Kudos
