Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Attiq_
Explorer

Traditional mode VPN Support - R81.10

Hello All,

I am having an issue with the Traditional mode VPN not coming up when we replace our old 3200 appliance on R80.20, with a new one and install R81.10 with the exact same config. this is not in cluster mode, its just an active and a cold spare gateway.

 

Description:

Check Point 3200 appliance (cold spare) was prepared with R81.10 fresh install and the latest JHF installed.

It replaced the old 3200 appliance which had R80.20 and Traditional mode VPNs in the policy.

SIC was established and after policy installation (no changes were made to the policy), the VPN does not come up.

Local traffic capture shows packets being encrypted and routed through the correct interface.

Remote peer (gateway managed by the same SMS and on R80.20) capture does not show any packets being received at all. Nothing in logs and zdebug drop.

Local VPN debug (ike.elg) does not populate anything after starting the debug using “vpn debug ikeon”

Remote VPN debug (ike.elg) shows only packets before the migration.

When we switch back to the old firewall, VPN comes up fine after SIC reset and Policy install.

 

Not sure if the traditional mode VPN configuration is supported on R81.10, but I did not find any such statement. so there must be something that we are missing. may be vpn configuration file that has been edited?

Management Server is on R81.10.

0 Kudos
5 Replies
Attiq_
Explorer

@_Val_ looking for some advise here 🙂

0 Kudos
_Val_
Admin
Admin

Please take it with TAC. 

0 Kudos
G_W_Albrecht
Legend Legend
Legend

Contact TAC to get this resolved - Traditional mode VPN is a legacy leftover that is better not used anymore...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Attiq_
Explorer

@G_W_Albrecht Thanks. I have already raised a case.

0 Kudos
PhoneBoy
Admin
Admin

We introduced Simplified Mode more than a decade ago (going back to NG AI/R55 at least).
When upgrading to R8x, we even warn you about the need to convert to Simplified Mode: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

While TAC may be able to assist you, I strongly recommend focusing your efforts on converting to Simplified Mode.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events