This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
SkipperNavy
Contributor
‎2020-12-14 03:56 AM

IPSEC VPN

Hello,

I just configured an ipsec vpn with a 3rd party Firewall.

Ike phase 1 is OK.

in logs, i see dropped paquets between the Mgmt interface of my local GW and the remote public ip of 3rd party.

 

Can Someone advice me on this case.

8 Replies
PhoneBoy
Admin
Admin
‎2020-12-14 09:02 AM

You can start here for debugging.

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

SkipperNavy
Contributor
‎2020-12-14 11:30 PM
In response to PhoneBoy

Thank you,

I tried all of this , but i can't figure out the problem.

Is it normal  to see drops between the Mgmt ip of the gateway and the peer ip?

0 Kudos
PhoneBoy
Admin
Admin
‎2020-12-15 06:12 AM

You haven't described your precise configuration, which makes it difficult to know if you've configured something incorrectly.
What do you have Link Selection configured to use in this case?

Benedikt_Weissl
Advisor
‎2020-12-15 06:24 AM

Phase 2 issues might be caused by different encryption/hash algorithms on one side, but since phase 1 is working I think the encryption domains are wrong. Can you post your settings and an excerpt from the vpn log?

Vincent_Bacher
Advisor
Advisor
‎2020-12-15 07:09 AM

"dropped paquets between the Mgmt interface of my local GW"

Mgmt Interface?
Link selection config issue?
Routing?
🤔
Drop reason from log would be helpful. 😏

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite
SkipperNavy
Contributor
‎2020-12-15 12:56 PM

i have not modified the Link selection.

I am facing problems with my cluster, it is not stable.

Thank you to all. 

 

0 Kudos
PhoneBoy
Admin
Admin
‎2020-12-15 02:33 PM
In response to SkipperNavy

There can be many reasons a VPN doesn't work.
We would need to know a LOT more about the underlying configuration and the precise errors you're seeing.
Output of some of the debugs might be helpful as well.

If you're not comfortable sharing on a public community (which I totally understand), I highly recommend opening a case with our TAC. 

Vincent_Bacher
Advisor
Advisor
‎2020-12-16 12:28 AM
In response to PhoneBoy

All Screenshots and log entries or debug outputs are easy to anonymize 🙂

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events