This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Attiq_
Explorer
‎2022-09-14 10:32 AM

Traditional mode VPN Support - R81.10

Hello All,

I am having an issue with the Traditional mode VPN not coming up when we replace our old 3200 appliance on R80.20, with a new one and install R81.10 with the exact same config. this is not in cluster mode, its just an active and a cold spare gateway.

 

Description:

Check Point 3200 appliance (cold spare) was prepared with R81.10 fresh install and the latest JHF installed.

It replaced the old 3200 appliance which had R80.20 and Traditional mode VPNs in the policy.

SIC was established and after policy installation (no changes were made to the policy), the VPN does not come up.

Local traffic capture shows packets being encrypted and routed through the correct interface.

Remote peer (gateway managed by the same SMS and on R80.20) capture does not show any packets being received at all. Nothing in logs and zdebug drop.

Local VPN debug (ike.elg) does not populate anything after starting the debug using “vpn debug ikeon”

Remote VPN debug (ike.elg) shows only packets before the migration.

When we switch back to the old firewall, VPN comes up fine after SIC reset and Policy install.

 

Not sure if the traditional mode VPN configuration is supported on R81.10, but I did not find any such statement. so there must be something that we are missing. may be vpn configuration file that has been edited?

Management Server is on R81.10.

0 Kudos
5 Replies
Attiq_
Explorer
‎2022-09-15 06:26 AM

@_Val_ looking for some advise here 🙂

0 Kudos
_Val_
Admin
Admin
‎2022-09-15 11:55 PM
In response to Attiq_

Please take it with TAC. 

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2022-09-15 06:33 AM

Contact TAC to get this resolved - Traditional mode VPN is a legacy leftover that is better not used anymore...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Attiq_
Explorer
‎2022-09-15 06:35 AM
In response to G_W_Albrecht

@G_W_Albrecht Thanks. I have already raised a case.

0 Kudos
PhoneBoy
Admin
Admin
‎2022-09-15 08:17 AM

We introduced Simplified Mode more than a decade ago (going back to NG AI/R55 at least).
When upgrading to R8x, we even warn you about the need to convert to Simplified Mode: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

While TAC may be able to assist you, I strongly recommend focusing your efforts on converting to Simplified Mode.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events