This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
lucascaetano9
Participant
‎2019-05-03 04:53 PM

Checkpoint device does not establish VPN tunnel

Jump to solution

Hello all,

 

I am getting issues when trying to configure VPN tunnels in my R77.20. I have tried to connect to ASA, FORTINET and Pfsense as well. As I dont know to much regarding the log of this kind of feature, I would like your help on some advice about this.

 

Are there some directory or folder that I can see evidences or issue of the connection? 

 

Obs: I dont have a blade license to check in monitor and another tools in smartcenter.

Reply
2 Solutions

Accepted Solutions
PhoneBoy
Admin
Admin
‎2019-05-03 09:45 PM

Jump to solution
SmartView Tracker and/or SmartLog should show evidence of this.
See also: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

View solution in original post

Reply
HeikoAnkenbrand
Champion
Champion
‎2019-05-03 10:54 PM

Jump to solution

Tip:

- use IKEv1

- use lower DH groups for example  5

- use main mode

- check first with PSK

- check same phase 1 and phase 2 settings

- check supernet issues

- check encryption domains on both sides 

- Update your firewall to a supported version R80.20 with vpn multicore support. R77.20 is out of support😀.

- use „vpn tu“ to check phase 1 and phase 2 

- enable the vpn debug and use the ikeview tool to debug vpn issues

View solution in original post

Reply
5 Replies
PhoneBoy
Admin
Admin
‎2019-05-03 09:45 PM

Jump to solution
SmartView Tracker and/or SmartLog should show evidence of this.
See also: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

View solution in original post

Reply
lucascaetano9
Participant
‎2019-05-06 09:45 AM
In response to PhoneBoy

Jump to solution

The issue Advanced Access is required is being shown even I am logged with my costumer credentials, but anyway, thanks for your recomendation!

0 Kudos
Reply
HeikoAnkenbrand
Champion
Champion
‎2019-05-03 10:54 PM

Jump to solution

Tip:

- use IKEv1

- use lower DH groups for example  5

- use main mode

- check first with PSK

- check same phase 1 and phase 2 settings

- check supernet issues

- check encryption domains on both sides 

- Update your firewall to a supported version R80.20 with vpn multicore support. R77.20 is out of support😀.

- use „vpn tu“ to check phase 1 and phase 2 

- enable the vpn debug and use the ikeview tool to debug vpn issues

View solution in original post

Reply
HeikoAnkenbrand
Champion
Champion
‎2019-05-03 11:17 PM
In response to HeikoAnkenbrand

Jump to solution

See more -> What is the IKEView utility?

sk30994

Reply
HeikoAnkenbrand
Champion
Champion
‎2019-05-03 11:24 PM
In response to HeikoAnkenbrand

Jump to solution

Or see this SK:

VPN Site-to-Site with 3rd party

Reply