Solved: Re: vpn-1 server could not find any certificate to... - Page 2

MrDazana · ‎2023-02-09

Hi all,

I can't figure out what's going on and I hope someone here can help me. I have a 1570 with VPN blade active. My users are getting the following error msg "vpn-1 server could not find any certificate to use for IKE" when connecting with the checkpoint vpn client on mac or windows.

If I replace the certificate, they can connect but later get the error msg above when they reconnect.

If I reboot the router, it works fine, but then later fails with the same error on top when they reconnect.

I have 2 sites connecting to site to site and they work fine.

firmware version of the checkpoint is R81.10 (996000575)

Thanks

Dale_Lobb · ‎2023-02-10

Just monitor it closely. As I said, in my case using R80.20.50, it takes between 3 and 11 days before the issue reasserts.

MrDazana · ‎2023-02-11

Went back to R81.x added screenshot from Firewall side. This is a fresh install of R81.10 on the 1570

Client laptop using vpn client E86.80

MrDazana · ‎2023-02-11

Adding more info here as I just realized something and might be onto something. When installing the client, we are proposed 3 options and the last 2 are handled differently by the firewall. This issue I'm having is with the 3rd option "SecureRemote" Basic Remote Access Client. When this connects, it connects to Mobile Access, which oddly enough is disabled on my firewall on the vpn blade but still allows me to connect. This also doesn't show me as connected in connected VPN users. Also, the ip address my client was getting was from my ISP modem 192.168.99.xxx even though the WAN port was set to PPPOE.

I uninstalled the client and reinstalled with the second option " Check point Mobile". This Version connects me to the firewall with no issues and I can see my user connected under Connected remote users. It also uses the configuration of the vpn blade for ip addressing ( 172.16.10.xxx)

@Dale_LobbWhich option did you select ?

PhoneBoy · ‎2023-02-12

Check Point Mobile is what you should use with SMB appliances.
SMB appliances include Mobile Access licenses for a number of users appropriate to the capacity of the appliance.

SecuRemote does not require a specific license on the gateway.
However, it does not support Office Mode.
Not even sure SecuRemote works with an SMB gateway…

the_rock · ‎2023-02-12

Definitely works, had customer use it in the past.

Best,
Andy

MrDazanaCom · ‎2023-02-13

It connects to the SMB device and will stay connected. When I disconnect and reconnect i get the IKE1 error.

Anyway I reinstalled the client and used the enterprise option and I have been error free since, on R81.10 and my users are happy.

It would be nice to have some indication of what's installed as a client as both look and act the same but are handle differently by the SMB device.

food for thought

PhoneBoy · ‎2023-02-13

The fact SecuRemote isn't working might be worth a TAC case.
Having said that, there's no reason SecuRemote should be used here since you have licenses for Check Point Mobile.

the_rock · ‎2023-02-13

100% that should work, no doubt. Why it doesnt, I have no clue. Might be worth TAC case if you care to investigate more.

Best,
Andy

obsidian11 · ‎2023-05-08

Greetings, I have similar issue with Quantum Spark 1530 Appliance [R81.10 (996000575).

I've noticed when I go to VPN > Remote Access section and select Blade Control,

if I toggle off Remote Access radio button, and then try to connect (I know it will fail), and then toggle on that same button and try to recconect, suddenly works for me. Why? I don't have clue.

I mean, this is just temporarely fix but it still better than factory reset.

Are you a member of CheckMates?

vpn-1 server could not find any certificate to use for IKE