Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
lucascaetano9
Participant
Jump to solution

Checkpoint device does not establish VPN tunnel

Hello all,

 

I am getting issues when trying to configure VPN tunnels in my R77.20. I have tried to connect to ASA, FORTINET and Pfsense as well. As I dont know to much regarding the log of this kind of feature, I would like your help on some advice about this.

 

Are there some directory or folder that I can see evidences or issue of the connection? 

 

Obs: I dont have a blade license to check in monitor and another tools in smartcenter.

2 Solutions

Accepted Solutions
PhoneBoy
Admin
Admin
HeikoAnkenbrand
Champion Champion
Champion

Tip:

- use IKEv1

- use lower DH groups for example  5

- use main mode

- check first with PSK

- check same phase 1 and phase 2 settings

- check supernet issues

- check encryption domains on both sides 

- Update your firewall to a supported version R80.20 with vpn multicore support. R77.20 is out of support😀.

- use „vpn tu“ to check phase 1 and phase 2 

- enable the vpn debug and use the ikeview tool to debug vpn issues

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips

View solution in original post

5 Replies
PhoneBoy
Admin
Admin
SmartView Tracker and/or SmartLog should show evidence of this.
See also: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
lucascaetano9
Participant

The issue Advanced Access is required is being shown even I am logged with my costumer credentials, but anyway, thanks for your recomendation!

0 Kudos
HeikoAnkenbrand
Champion Champion
Champion

Tip:

- use IKEv1

- use lower DH groups for example  5

- use main mode

- check first with PSK

- check same phase 1 and phase 2 settings

- check supernet issues

- check encryption domains on both sides 

- Update your firewall to a supported version R80.20 with vpn multicore support. R77.20 is out of support😀.

- use „vpn tu“ to check phase 1 and phase 2 

- enable the vpn debug and use the ikeview tool to debug vpn issues

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
HeikoAnkenbrand
Champion Champion
Champion

See more -> What is the IKEView utility?

sk30994

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
HeikoAnkenbrand
Champion Champion
Champion

Or see this SK:

VPN Site-to-Site with 3rd party

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events