MTS
Participant

The site-to-site VPN between CheckPoints just won't come up automatically after reboot

Hi,

We just set up a VPN community for both CheckPoints for two remote sites.

Both CheckPoints are managed by the same SMS.

We find that even though we configured the permanent tunnel for the community and installed the policy package for it on both CPs, the site-to-site VPN between the CheckPoints just won't come up automatically after reboot.

Now, we have to go into SmartView and manually reset the tunnel to bring it up...

How to fix this?

By the way, we have another three VPN tunnel communities connecting to Fortigate and PaloAlto, and the same issue was not found there...

0 Kudos
12 Replies
PhoneBoy
Admin

What version/JHF?
What messages appear in the firewall logs?
Anything odd in $FWDIR/log/vpnd.elg?

0 Kudos
MTS
Participant

What version/JHF?

The latest.

What messages appear in the firewall logs?

Seems no error?

I will just reset / reinstall the policy package, then the VPN will be up again.

Anything odd in $FWDIR/log/vpnd.elg?

Nope.

0 Kudos
the_rock
Legend

Ok, so if it's a brand new community, we know for sure it never worked before... PhoneBoy made a good point, usually the vpnd* files in $FWDIR/log would give some indication about possible failures... Have you tried running vpn debug ikeon and vpn debug ikeoff when this occurs and then examining the ike.elg file?

0 Kudos
PhoneBoy
Admin

The latest version is R81.10 which doesn’t have a JHF yet.
Is this what you are running?
If not, please state the precise version/JHF you are running.

Might want to look at the general VPN debug steps here: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
In general, the more information you provide, the more likely we can help you.

MTS
Participant

How to check the version/JHF?

0 Kudos
the_rock
Legend

cpinfo -y all from expert mode

0 Kudos
MTS
Participant

This command cannot be used on the SMB model.

No "-y"

0 Kudos
PhoneBoy
Admin

For SMB, you can see the exact version and build in the WebUI, which should have been provided at the beginning of this thread.
In general the more information you can provide us about your environment, the easier it is for us to help you.

The general VPN debugging SK I linked to earlier should still be helpful on SMB.
See also: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

0 Kudos
MTS
Participant

Version:

1570 GW: R80.20.25

0 Kudos
G_W_Albrecht
Legend

Which build, 992002136?

CCSE CCTE CCSM SMB Specialist
0 Kudos
MTS
Participant

Capture.PNG

0 Kudos
G_W_Albrecht
Legend

I would suggest involving TAC!

CCSE CCTE CCSM SMB Specialist
0 Kudos
