Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Bernardes
Advisor
Advisor

How to start and confirm a IPSEC VPN Site-to-Site negotiation from Check Point Gateways?

Dear friends,

I apologize for the basic question, but I couldn't find this information clearly in the VPN Guide.

How can I force a Check Point gateway to initiate a site-to-site VPN tunnel negotiation?

How can I verify that it is the Check Point gateway that is initiating the negotiation and attempting to establish the tunnel?

Any tips on useful commands for this situation or any SK that addresses this?

Thank you in advance for your help!

0 Kudos
4 Replies
PhoneBoy
Admin
Admin

This is typically started by initiating traffic that should go through the VPN (e.g. initiate a ping that should traverse the VPN).
You should see log entries in SmartView that confirm the VPN was started.
You can use vpn tu on the command line to see what tunnels are started.
For more advanced debugging, see: https://support.checkpoint.com/results/sk/sk180488

0 Kudos
the_rock
Legend
Legend

As @PhoneBoy said, vpn tu is good, also, if you have monitoring blade enabled, you can check in SV monitor, as well as with vpn tu tlist -p external_peer_ip command.

Example, say ex peer IP is 1.2.3.4, you can run vpn tu tlist -p 1.2.3.4

Andy

0 Kudos
Bernardes
Advisor
Advisor

Hello friends @PhoneBoy  @the_rock ! Thank you for the response!

But in this case, the 'vpn tu tlist -p <IP_peer>' command will show me information only if the tunnel is already established, correct?

I am dealing with a scenario where the tunnel is not established, and I would like to know if just by sending a ping that should go through the tunnel, will the Check Point attempt to initiate the negotiation to establish the tunnel if it's down?

0 Kudos
the_rock
Legend
Legend

Well, if connection is supposed to be encrypted, then it will go through the tunnel.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events