
VPN with DAIP, certificates and permanent tunnels

Question asked by Alex Gilis on Dec 6, 2018
Latest reply on Dec 10, 2018 by Maarten Sjouw

I followed the superb walkthrough written by Danny Jung in order to establish a VPN between a Checkpoint 700 series (locally managed) and a central cluster of 5600 series gateways running R80.10.

 

While the setup worked, I encountered a rather strange issue. I could not troubleshoot it much due to time and location constraints, and the customer was satisfied with the solution anyway.

 

In short, when I reboot the 700, traffic initiated from its LAN to the central location works immediately (a ping test from a local PC to a central server, for instance), while traffic initiated from the central location to the remote LAN takes like 30 seconds to get established and then goes on. This could be reproduced by rebooting the small appliance. The log didn't report any particular errors. Given that it worked after that time and the VPN is used for a low-importance application, the customer didn't want to put any more effort into analyzing this. Any idea why it would happen? Since pings reply immediately if initiated from the satellite location, I would think the VPN is directly bidirectional.
