This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have one, create one now for free!
diburaj
Explorer
a month ago

Traffic dropped with IKE failure error

Hello 

 

I am facing a strange issue , one of my IP from the DC server is not able to communicate to the branch side. From the branch side the DC server IP is reachable.

I am getting the attached error " Encryption failure : Error occurred and rejected category: IKE failure"

Did anyone came across similar issue.

 

I have other IPs from the datacenter which is communicating to branch site without any issues.

Verified the Tunnel is up , Policies are in place, renegotiated the tunnel 

 

OS version : R81 Take 65 

 

 

Preview file
32 KB
0 Kudos
3 Replies
the_rock
Champion
Champion
a month ago

Ok, so you are saying that vpn tunnel shows as up? If so, is this only traffic within it that is failing?

Andy

0 Kudos
diburaj
Explorer
a month ago
In response to the_rock

Yes, The tunnel is up and the traffic is passing without any issue for all other IPs.

For a specific IP i am getting the error. The strange part is the Server IP is reacheable from the branch.

There are no policy blocking the traffic.

 

Is there any specific debug that i can run to understand the reason for the block.

 

0 Kudos
the_rock
Champion
Champion
a month ago
In response to diburaj

There is, follow below, you can leave it on for hours.

from expert mode:

vpn debug trunc

vpn debug ikeon

-generate traffic for problematic IP (s)

vpn debug ikeoff

Get ike.elg and vpnd.elg files from $FWDIR/log directory from fw and review to see if that IP gives any relevant info. Based on all you told us, to me logically, sounds like there is something with that server thats an issue and not vpn itself.

Just my 2 cents.

Andy

0 Kudos