This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Gacki
Participant
‎2022-12-20 12:46 AM

VPN SITE TO SITE

Hello,

I set up a vpn site to site with a partner, unfortunately after 30 minutes from setting up the vpn stops going through the second phase of IKE, what could be the problem?
We have the same vpn settings for phase 1 and phase 2

Thank you.

0 Kudos
11 Replies
G_W_Albrecht
Legend
Legend
‎2022-12-20 01:30 AM

What about the peers details ? What is the error shown in logs ? 

CCSE CCTE CCSM SMB Specialist
0 Kudos
Blason_R
Leader
Leader
‎2022-12-20 02:49 AM

VPN v1 or v2?

Start debug and see where is that failing. Hope you are aware of vpn debug commands?

vpn debug trunc

vpn debug ikeon

vpn debug on

 

once done

vpn debug ikeoff

vpn debug off

fw ctl debug 0

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
0 Kudos
G_W_Albrecht
Legend
Legend
‎2022-12-20 03:41 AM
In response to Blason_R

> VPN v1 or v2?

You mean IKE ?

CCSE CCTE CCSM SMB Specialist
0 Kudos
Blason_R
Leader
Leader
‎2022-12-20 09:37 PM
In response to G_W_Albrecht

That is correct - Wondering what was the IKE version and what is the tunnel type? Route based or policy based?

 

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
0 Kudos
G_W_Albrecht
Legend
Legend
‎2022-12-21 12:30 AM
In response to Blason_R

Did not answer...

CCSE CCTE CCSM SMB Specialist
0 Kudos
Gacki
Participant
‎2022-12-21 12:33 AM
In response to Blason_R

Policy base, IKEv2

0 Kudos
G_W_Albrecht
Legend
Legend
‎2022-12-21 01:27 AM
In response to Gacki

So give us information - we only know that you have two VPN peers and use IKEv2, but no more details: no error messages, no log entries, so nobody can tell you anything usefull by now... 

CCSE CCTE CCSM SMB Specialist
0 Kudos
the_rock
Legend
Legend
‎2022-12-21 07:00 AM
In response to Gacki

I agree with @G_W_Albrecht . You did not give us much info, except its ikev2 and policy based. Thats great, but as he said, we need errors, logs you see, where it fails, phase 1, phase 2? @Blason_R provided you excellent basic VPN debug that TAC would ask you to do anyway, but you may as well call them and get this fixed, way better over remote.

0 Kudos
G_W_Albrecht
Legend
Legend
‎2022-12-21 04:12 AM

I would suggest that you contact TAC - a quick RAS could find the issue easily and it will be resolved soon. As you do not want to explain anything here i see no other possible way...

CCSE CCTE CCSM SMB Specialist
0 Kudos
Blason_R
Leader
Leader
‎2022-12-21 07:18 PM
In response to G_W_Albrecht

Or best way I would recommend is try disabling vpn acceleration. That has helped me lot many times.

vpn accel off -> This would reinitialize the IKE session.

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
0 Kudos
Lloyd_Braun
Collaborator
‎2022-12-21 10:39 AM

I have had issues with Cisco ASA VPN peers that leave their default vpn-idle-timeout at 30 minutes. 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    Virtual

    Tue 23 Apr 2024 @ 11:00 AM (EDT)

    East US: What's New in R82
    Virtual

    Thu 25 Apr 2024 @ 11:00 AM (SGT)

    APAC: CPX 2024 Recap

    Thu 25 Apr 2024 @ 10:00 AM (CEST)

    The Anatomy of a Cloud Hack by NotSoSecure - EMEA Session

    Thu 25 Apr 2024 @ 06:00 PM (IDT)

    The Anatomy of a Cloud Hack by NotSoSecure - America Session
    Virtual

    Tue 30 Apr 2024 @ 03:00 PM (CDT)

    EMEA: CPX 2024 Recap
    Virtual

    Thu 02 May 2024 @ 11:00 AM (SGT)

    APAC: What's new in R82
    Virtual

    Tue 23 Apr 2024 @ 11:00 AM (EDT)

    East US: What's New in R82
    Virtual

    Thu 25 Apr 2024 @ 11:00 AM (SGT)

    APAC: CPX 2024 Recap
    Virtual

    Tue 30 Apr 2024 @ 03:00 PM (CDT)

    EMEA: CPX 2024 Recap
    Virtual

    Thu 02 May 2024 @ 11:00 AM (SGT)

    APAC: What's new in R82
    Virtual

    Thu 02 May 2024 @ 04:00 PM (CEST)

    CheckMates Live DACH - Keine Kompromisse - Sicheres SD-WAN
    Virtual

    Thu 02 May 2024 @ 05:00 PM (CEST)

    SASE Masters: Deploying Harmony SASE for a 6,000-Strong Workforce in a Single Weekend
    CheckMates Events