Create a Post
Showing results for 
Search instead for 
Did you mean: 


Hey there!

TL;DR: IPSEC VPN problem - My Checkpoint device cant communicate with the Interoperable device (that is actually the AWS side of the tunnel) at all! the error is "IKE failure: Initial exchange: Exchange failed: timeout reached"


The problem:

I'm trying to connect my On-Premise and my AWS environment with a S2S VPN.

I have configured everything on AWS and then got a configuration tutorial document for my checkpoint.

I did everything, and got to the part when I have to test my connection, but it is not working. 


What I have already tried:

In the logs I can see once in a minute a record with action "REJECT" and description "IKE failure: Initial exchange: Exchange failed: timeout reached". After that, there is another record with action "Encrypt", but then it stops. (Images of this are included at the end)

I tried to sniff all interfaces and understood that there is not even one packet that is sent to the Public IP that is defined in the interoperable device. 

Also tried to ping this address and saw that I cannot talk to it. 

I tried to change the IP address of the interoperable device and it was preventing me to send anything to the new IP.

I have a rule that allows my firewall to communicate with that address in any type of communication so that's not the problem.


Thanks a Lot!!!!

0 Kudos
2 Replies

I think you need to perform a vpn debug to get more info 



0 Kudos

I would do simple vpn debug as well.

vpn debug trunc

vpn debug ikeon

-generate some traffic, wait 2-3 mins

vpn debug ikeoff

Get ike and vpnd files from $FWDIR/log dir



0 Kudos


Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events