Re: Traffic dropped with IKE failure error

diburaj · ‎2022-05-26

Hello

I am facing a strange issue , one of my IP from the DC server is not able to communicate to the branch side. From the branch side the DC server IP is reachable.

I am getting the attached error " Encryption failure : Error occurred and rejected category: IKE failure"

Did anyone came across similar issue.

I have other IPs from the datacenter which is communicating to branch site without any issues.

Verified the Tunnel is up , Policies are in place, renegotiated the tunnel

OS version : R81 Take 65

the_rock · ‎2022-05-26

Ok, so you are saying that vpn tunnel shows as up? If so, is this only traffic within it that is failing?

Andy

Best,
Andy

diburaj · ‎2022-05-27

Yes, The tunnel is up and the traffic is passing without any issue for all other IPs.

For a specific IP i am getting the error. The strange part is the Server IP is reacheable from the branch.

There are no policy blocking the traffic.

Is there any specific debug that i can run to understand the reason for the block.

the_rock · ‎2022-05-27

There is, follow below, you can leave it on for hours.

from expert mode:

vpn debug trunc

vpn debug ikeon

-generate traffic for problematic IP (s)

vpn debug ikeoff

Get ike.elg and vpnd.elg files from $FWDIR/log directory from fw and review to see if that IP gives any relevant info. Based on all you told us, to me logically, sounds like there is something with that server thats an issue and not vpn itself.

Just my 2 cents.

Andy

Best,
Andy

davinder083 · ‎2023-08-18

Hi @diburaj

Did you get any solution for this ? If yes can you please share with us.

Jesus · ‎2024-02-27

hello, try disabling Early Drop on the active node

https://support.checkpoint.com/results/sk/sk111643

the_rock · ‎2024-02-27

That may help.

Andy

Best,
Andy

Are you a member of CheckMates?

Traffic dropped with IKE failure error