Hi,
I'm getting this problem:
Source: Print Server(172.20.15.52)
Dest: Printer(192.168.15.210)
Src and Dst are under a Site to site VPN.
I have checked the logs. I have attached the logs. What might be the issue?
There are other logs which seem to be allowed; check the 4.log image.
2.logs.png shows an IKE failure.
Is other traffic working through that VPN tunnel?
I have seen one log showing that ICMP/ping is working, but I can't find the log now.
Besides, the Log4 image shows that some traffic is flowing. However, the majority is getting blocked for that destination. What should I check? Recently the peer gateway IP was changed. After that we are having this problem. My client tried a traceroute from his IP:
Source: 172.20.15.76
FW LAN: 192.168.50.54 (From Core Switch)
C:\Users\scanpp>tracert 192.168.15.210
Tracing route to 192.168.15.210 over a maximum of 30 hops
1 1 ms 2 ms 1 ms 172.20.15.1
2 <1 ms * * 172.20.15.2 (Core Switch)
3 <1 ms <1 ms <1 ms 192.168.50.54 --- FW
4 * * * Request timed out.
5 * * * Request timed out.
6 * * * Request timed out.
7 * * * Request timed out.
8 * * * Request timed out.
9 * * * Request timed out.
10 * * * Request timed out.
11 * * * Request timed out.
12
[Expert@ScanConnectFW02]# vpn tu
********** Select Option **********
(1) List all IKE SAs
(2) List all IPsec SAs
(3) List all IKE SAs for a given peer (GW) or user (Client)
(4) List all IPsec SAs for a given peer (GW) or user (Client)
(5) Delete all IPsec SAs for a given peer (GW)
(6) Delete all IPsec SAs for a given User (Client)
(7) Delete all IPsec+IKE SAs for a given peer (GW)
(8) Delete all IPsec+IKE SAs for a given User (Client)
(9) Delete all IPsec SAs for ALL peers and users
(0) Delete all IPsec+IKE SAs for ALL peers and users
(Q) Quit
*******************************************
4
Enter IP of peer (format: xxx.xxx.xxx.xxx): A.A.A.A
Peer A.A.A.A SAs:
1. SPI's related to IKE SA <20012e163a402797,684343b0201ad46e>:
2. SPI's related to IKE SA <24e22e54dfdc23ea,74aa4a4a736e535f>:
3. SPI's related to IKE SA <d27a77ee1af9ceda,73239d6b0a6514c3>:
4. SPI's related to IKE SA <72b61a621efe15d6,26f908e01a73194f>:
Hit <Enter> key to continue ...
Phase2 doesn't seem to be completed. Can you check logs between the two public addresses (of the vpn peers) to see the VPN negotiation?
Confirm the P2 configuration on both sides and confirm the networks are also the same on both sides. Also confirm you have security rules on your side for that traffic.
Is your issue solved?
I have used IKEView and found that Phase 1 (P1 Main mode) is OK, but Phase 2 QM Packet-1 has errors. I have asked the remote gateway admin to share the config. Need to cross-check if there are any changes in their side's config.
Can someone tell me why egress traffic is failing but ingress traffic is getting in?
Phase 2 is, in my experience, always an issue with VPN domains not being presented properly or supernetting. Make sure that the remote gateway interoperable object is set with the right encryption domain.
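An added example, not part of the thread and not Check Point code: a short Python check of the advice in the replies above, comparing the networks each peer defines for the tunnel and flagging supernet or subnet differences of the kind that can make Quick Mode fail. The two site dictionaries and all subnet masks are constructed assumptions; only the two host addresses come from the thread.

```python
import ipaddress

# Constructed sample: the subnets and masks are assumptions. Only the two
# host addresses (print server, printer) are taken from the thread.
SITE_A = {"local": ["172.20.15.0/24"], "remote": ["192.168.15.0/24"]}
SITE_B = {"local": ["192.168.15.0/24"], "remote": ["172.20.0.0/16"]}
SRC, DST = "172.20.15.52", "192.168.15.210"

def compare_domains(presented, expected_by_peer):
    """Check each network one side presents against the peer's definition."""
    peer = [ipaddress.ip_network(n) for n in expected_by_peer]
    findings = []
    for net in map(ipaddress.ip_network, presented):
        if net in peer:
            findings.append((str(net), "match", str(net)))
            continue
        wider = [p for p in peer if net.subnet_of(p)]
        narrower = [p for p in peer if p.subnet_of(net)]
        if wider:       # peer holds a larger network than the one presented
            findings.append((str(net), "peer-has-supernet", str(wider[0])))
        elif narrower:  # peer only knows part of this network
            findings.append((str(net), "peer-has-subnet", str(narrower[0])))
        else:
            findings.append((str(net), "missing-on-peer", ""))
    return findings

def host_covered(host, domain):
    """True if the host falls inside any network of the given domain."""
    ip = ipaddress.ip_address(host)
    return any(ip in ipaddress.ip_network(n) for n in domain)

def check_tunnel(a, b, src, dst):
    """Collect every domain mismatch relevant to src -> dst traffic."""
    problems = []
    for label, mine, theirs in (("A local vs B remote", a["local"], b["remote"]),
                                ("B local vs A remote", b["local"], a["remote"])):
        for net, status, other in compare_domains(mine, theirs):
            if status != "match":
                problems.append(f"{label}: {net} {status} {other}".strip())
    if not host_covered(src, a["local"]):
        problems.append(f"{src} not in A's local domain")
    if not host_covered(dst, a["remote"]):
        problems.append(f"{dst} not in A's remote domain")
    return problems

if __name__ == "__main__":
    for line in check_tunnel(SITE_A, SITE_B, SRC, DST):
        print(line)
```

An empty result means both sides describe the same networks and the two hosts fall inside them; it says nothing about routing or rule base, which still need their own check.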
Sounds like a routing issue indeed. @faheb1 you also mentioned the issues started after an IP change of the peer gateway.
Hi,
Checked the routing. Found a problem. It seems like a typo. I have fixed it. Need to check it tomorrow by client. VPN shows up. I will let you know the result.