AnsweredAssumed Answered

IPSec Tunnel to AWS VPC - Sporadically drops after Policy Install

Question asked by Saul Schwartz on Feb 16, 2018
Latest reply on Mar 21, 2018 by Günther W. Albrecht

I've got a strange, lingering issue. Our R77.30 Gateway has quite a few IPSec Site-to-Site VPN tunnels terminating on it, and a few of them are on AWS. I've played with the settings in the IPSec community and encryption on several of them and still experience the same behavior.


1. The tunnel can be up, operating normally, passing traffic at an acceptable rate.

2. After I install policy to the gateway, *sometimes*, traffic will no longer traverse the tunnel. 

   2a. This is random - I would say 10% of the time, it will happen.

   2b. Pushing policy again fixes it.


Disclaimer - I set up the VPN like i've always done with other sites (external site using ASA, Palo, etc) - using an interoperable device/PSK/IPSec Community. I just recently found this sk:


How to configure IPsec VPN tunnel between Check Point Security Gateway and Amazon Web Services VPC using static routes 


Could not using VTI's be my issue? I'll be honest, i'm not familiar with VTI's or MSS clamping or dead peer detection.