This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
bcrazy
Participant
‎2024-08-20 02:46 PM
Jump to solution

ipSec VPN Tunnel to Azure, manually trigger Phase2 rekey?

I have a successful VPN Tunnel to Azure VPN Gateway. Everything is good, but after a recent internet outage I observed that the tunnel took some time to come up again. It seems that the tunnel came up when Phase2 rekeyed. Is there a manual way to trigger Phase2 rekey? (It may have been triggered by passing traffic, so if you can confirm this solution it would also be helpful.)

0 Kudos
2 Solutions

Accepted Solutions
CaseyB
Advisor
‎2024-08-21 05:55 AM
Jump to solution

Unless you have some sort of DPD or tunnel monitoring traffic in place, an IPsec tunnel is only going to establish when traffic is going across it.

You can specifically clear the Phase 2 IKE SA's from the CLI, but that is not a rekey, rekeys happen at defined intervals, so you would need to generate some Phase 2 traffic after clearing them. If you need to reset a tunnel, that is done for both Phase 1 & 2.

View solution in original post

bcrazy
Participant
‎2024-08-21 03:43 PM
In response to CaseyB
Jump to solution

Thank you, I did need to delete all ike and ipsec associations then pass traffic. The command I was looking for was vpn tu

View solution in original post

0 Kudos
3 Replies
CaseyB
Advisor
‎2024-08-21 05:55 AM
Jump to solution

Unless you have some sort of DPD or tunnel monitoring traffic in place, an IPsec tunnel is only going to establish when traffic is going across it.

You can specifically clear the Phase 2 IKE SA's from the CLI, but that is not a rekey, rekeys happen at defined intervals, so you would need to generate some Phase 2 traffic after clearing them. If you need to reset a tunnel, that is done for both Phase 1 & 2.

bcrazy
Participant
‎2024-08-21 03:43 PM
In response to CaseyB
Jump to solution

Thank you, I did need to delete all ike and ipsec associations then pass traffic. The command I was looking for was vpn tu

0 Kudos
Lesley
Mentor Mentor
Mentor
‎2024-08-21 06:32 AM
Jump to solution

Maybe try a policy push not 100% sure.

-------
If you like this post please give a thumbs up(kudo)! 🙂
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    Top