Nandhakumar
Contributor

IPsec S2S VPN issue - IKEV2

Hi,

Our side gateway - Check Point R81

Remote side gateway - Cisco ASR

 

We built a tunnel to the remote side and it was working fine for some days, but it stopped working 3 days ago. I have checked the logs in SmartConsole and observed that the peer is getting authenticated successfully. After that, our gateway sends a reject message with "Informational exchange: Exchange failed: timeout reached".

Can someone please advise what we can check in this case from our side to make sure nothing is causing a block on the Check Point end?

 

 

 

0 Kudos
3 Replies
PhoneBoy
Admin

0 Kudos
Nandhakumar
Contributor

No, my issue was not related to that one.

In the S2S VPN, Check Point was negotiating its internal IP address as the IKE ID to the remote side, but it should actually negotiate with the external internet-facing IP address.

Even after we chose Link Selection to use the external IP address, it still uses the internal one. This was observed by the remote-side network engineer, and after he changed the remote identity match from our gateway's actual external IP to our gateway's internal IP, it started working fine.

After 4 months, the customer told us that the VPN connection had stopped working, and this happened just after we installed R81 hotfix take 36. The vendor-side engineer checked and confirmed that he could now see the IKE ID as our gateway's external IP address. Even though this would be the correct way, I am wondering how it is switching between the internal and external IP address?

 

 

0 Kudos
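
The identity mismatch described in the post above, as an added example that is not part of the original thread and is not Check Point or Cisco code: it decodes an IKEv2 Identification payload (RFC 7296, section 3.5) and applies a peer-side identity match to it. The addresses and the helper names are constructed for illustration, and the payload is assumed to be already decrypted (IDi travels inside the encrypted IKE_AUTH message, so it comes from IKE debug output rather than a raw capture).

```python
import ipaddress
import struct

# IKEv2 ID types, RFC 7296 section 3.5
ID_TYPES = {1: "ID_IPV4_ADDR", 2: "ID_FQDN", 3: "ID_RFC822_ADDR",
            5: "ID_IPV6_ADDR", 9: "ID_DER_ASN1_DN", 10: "ID_DER_ASN1_GN",
            11: "ID_KEY_ID"}

def build_id_payload(id_type: int, data: bytes) -> bytes:
    """Build a constructed ID payload: 4-byte generic header, type, 3 reserved."""
    return struct.pack("!BBHB3x", 0, 0, 8 + len(data), id_type) + data

def parse_id_payload(payload: bytes):
    """Decode a decrypted IDi/IDr payload into (type_name, value)."""
    if len(payload) < 8:
        raise ValueError("ID payload shorter than its fixed 8-byte header")
    _next, _flags, length, id_type = struct.unpack("!BBHB", payload[:5])
    if length != len(payload):
        raise ValueError("payload length field does not match the data")
    data = payload[8:]  # bytes 5..7 are RESERVED
    name = ID_TYPES.get(id_type, f"UNKNOWN({id_type})")
    if id_type == 1:
        value = str(ipaddress.IPv4Address(data))   # rejects anything but 4 bytes
    elif id_type == 5:
        value = str(ipaddress.IPv6Address(data))   # rejects anything but 16 bytes
    elif id_type in (2, 3):
        value = data.decode("ascii")
    else:
        value = data.hex()                         # DN, GN, KEY_ID: opaque here
    return name, value

def peer_identity_check(payload: bytes, expected_type: str, expected_value: str):
    """Mimic a peer's identity match: ID type and value must both agree."""
    got = parse_id_payload(payload)
    return got == (expected_type, expected_value), got

# Constructed addresses: gateway internal 10.1.1.1, external 203.0.113.10
INTERNAL_ID = build_id_payload(1, ipaddress.IPv4Address("10.1.1.1").packed)
EXTERNAL_ID = build_id_payload(1, ipaddress.IPv4Address("203.0.113.10").packed)

if __name__ == "__main__":
    # The peer is configured to match the external address
    for label, idi in (("internal", INTERNAL_ID), ("external", EXTERNAL_ID)):
        ok, got = peer_identity_check(idi, "ID_IPV4_ADDR", "203.0.113.10")
        print(f"gateway sends {label} IP as IKE ID: {got} -> "
              f"{'match' if ok else 'identity mismatch, peer rejects'}")
```
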
the_rock
Legend

If you were to run this command on your gateway, what do you see:

tcpdump -nni any host x.x.x.x and proto 50

 

where x.x.x.x is the external remote IP address

0 Kudos
