MrDazana
Contributor

vpn-1 server could not find any certificate to use for IKE

Hi all,

I can't figure out what's going on and I hope someone here can help me. I have a 1570 with the VPN blade active. My users are getting the following error msg "vpn-1 server could not find any certificate to use for IKE" when connecting with the Check Point VPN client on Mac or Windows.

If I replace the certificate, they can connect but later get the error msg above when they reconnect.

If I reboot the router, it works fine, but then later fails with the same error on top when they reconnect.

I have 2 sites connecting site to site and they work fine.

Firmware version of the Check Point is R81.10 (996000575).

Thanks

38 Replies
Dale_Lobb
Advisor

Just monitor it closely. As I said, in my case using R80.20.50, it takes between 3 and 11 days before the issue reasserts.

MrDazana
Contributor

Went back to R81.x, added screenshot from the firewall side. This is a fresh install of R81.10 on the 1570.

Client laptop using VPN client E86.80.

Capture2.JPG

MrDazana
Contributor

Adding more info here as I just realized something and might be onto something. When installing the client, we are presented with 3 options, and the last 2 are handled differently by the firewall. This issue I'm having is with the 3rd option, "SecuRemote" Basic Remote Access Client. When this connects, it connects to Mobile Access, which oddly enough is disabled on my firewall on the VPN blade but still allows me to connect. This also doesn't show me as connected in connected VPN users. Also, the IP address my client was getting was from my ISP modem, 192.168.99.xxx, even though the WAN port was set to PPPoE.

Capture4.JPG

Capture5.JPG

Capture3.JPG

I uninstalled the client and reinstalled with the second option, "Check Point Mobile". This version connects me to the firewall with no issues and I can see my user connected under Connected remote users. It also uses the configuration of the VPN blade for IP addressing (172.16.10.xxx).

@Dale_Lobb Which option did you select?

PhoneBoy
Admin

Check Point Mobile is what you should use with SMB appliances.
SMB appliances include Mobile Access licenses for a number of users appropriate to the capacity of the appliance.

SecuRemote does not require a specific license on the gateway.
However, it does not support Office Mode.
Not even sure SecuRemote works with an SMB gateway…

the_rock
Legend

Definitely works, had customer use it in the past.

MrDazanaCom
Participant

It connects to the SMB device and will stay connected. When I disconnect and reconnect I get the IKE1 error.

Anyway, I reinstalled the client and used the enterprise option and I have been error free since, on R81.10, and my users are happy.

It would be nice to have some indication of what's installed as a client, as both look and act the same but are handled differently by the SMB device.

Food for thought.

PhoneBoy
Admin

The fact SecuRemote isn't working might be worth a TAC case.
Having said that, there's no reason SecuRemote should be used here since you have licenses for Check Point Mobile.

the_rock
Legend

100% that should work, no doubt. Why it doesn't, I have no clue. Might be worth a TAC case if you care to investigate more.

obsidian11
Contributor

Greetings, I have a similar issue with a Quantum Spark 1530 Appliance [R81.10 (996000575)].

I've noticed that when I go to the VPN > Remote Access section and select Blade Control, if I toggle off the Remote Access radio button and then try to connect (I know it will fail), and then toggle on that same button and try to reconnect, it suddenly works for me. Why? I don't have a clue.

I mean, this is just a temporary fix, but it's still better than a factory reset.
