checkpopipu
Participant

S2S VPN

Hey there!

TL;DR: IPSEC VPN problem - My Checkpoint device can't communicate with the Interoperable device (that is actually the AWS side of the tunnel) at all! The error is "IKE failure: Initial exchange: Exchange failed: timeout reached"

 

The problem:

I'm trying to connect my On-Premise and my AWS environment with an S2S VPN.

I have configured everything on AWS and then got a configuration tutorial document for my checkpoint.

I did everything, and got to the part when I have to test my connection, but it is not working. 

 

What I have already tried:

In the logs I can see once a minute a record with action "REJECT" and description "IKE failure: Initial exchange: Exchange failed: timeout reached". After that, there is another record with action "Encrypt", but then it stops. (Images of this are included at the end)

I tried to sniff all interfaces and understood that there is not even one packet that is sent to the Public IP that is defined in the interoperable device. 

Also tried to ping this address and saw that I cannot talk to it. 

I tried to change the IP address of the interoperable device and it was preventing me from sending anything to the new IP.

I have a rule that allows my firewall to communicate with that address in any type of communication so that's not the problem.

 

Thanks a Lot!!!!

0 Kudos
2 Replies
CheckPointerXL
Advisor

I think you need to perform a vpn debug to get more info 

 

 

0 Kudos
the_rock
Legend

I would do a simple vpn debug as well.

vpn debug trunc

vpn debug ikeon

-generate some traffic, wait 2-3 mins

vpn debug ikeoff

Get ike and vpnd files from $FWDIR/log dir

Best,

Andy

0 Kudos
