Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Ilovecheckpoint
Participant

VPN between Checkpoint domains seens as down

Hello,

In our organisation we have more Checkpoint domains. 

Communication between domains is done via domain based vpn.

All vpn are seen as up, but one is showed as down (all time I check it) on SmartView Monitor, instead all the others are seen as up.

This vpn is up and running.

I have noticed, tunnel_test last time received was yesterday and it is only from gatewaysite1 to gatewaysite2

 and never on the other direction.

I would like to see it correctly up.

 

 

0 Kudos
3 Replies
the_rock
Legend
Legend

We need more info. Did you do basic vpn debug? tcpdump? fw monitor? what does vpn tu tlist show?

Andy

0 Kudos
Ilovecheckpoint
Participant

Hello,

On gatewaysite1, vpn tu tlist shows all vpn tunnels by subnet as ipsec. None of the vpn is showed as connected, but all other tunnels are seen up On Smartview Monitor  (they are all CheckPoint gateways).On gatewaysite2, vpn tu tlist shows all vpn tunnels by subnet as ipsec connected. On Smartview Monitor, on permanent tunnel it shows as connected, but only on tunnels by gateways or tunnels by community. On permanent tunnels is empty. 

 

0 Kudos
Lesley
Leader Leader
Leader

So tunnel is working but shows as down in SmartView monitor? If it is Check Point to Check Point you have to use permanent tunnels and working tunnel test. If it is Check Point towards different device (non CP) it will be DPD. 

Any difference with other tunnels? All run IKEv1 or v2? Allowed tunnel test port on both sides?

-------
If you like this post please give a thumbs up(kudo)! 🙂
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events