Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
10 Replies
_Val_
Admin
Admin

First of all, R80.20 is out of support for a while. That said, please provide more details so people can understand the situation better.

0 Kudos
Srihari_E
Participant

Tag(s) Added: We are using 4000 appliances version R80.20, last month we changed the cisco router c1111-4p, After that remote access vpn clients are facing vpn disconnections frequently(every 2seconds). Could you please help me whether this is a router issue or firewall issue. Because we do not changed any configuration in the firewall.

0 Kudos
the_rock
Legend
Legend

Have a look at below, but again, as Val said, R80.20 is totally unsupported, even R80.40 will be this month, so please upgrade to at least R81 base. 

Maybe this helps

https://community.checkpoint.com/t5/Remote-Access-VPN/VPN-Client-disconnects-after-one-hour/td-p/520...

 

0 Kudos
Timothy_Hall
Champion Champion
Champion

Any NATting happening on the new Cisco router?  Is there an ACL on this new router that could be blocking tunnel test traffic?  Is Visitor Mode in use by your clients?

sk44075: Endpoint Connect client disconnects every 20 seconds after connecting successfully to VPN G...

sk121992: Remote Access client connects successfully but is disconnected after 10 minutes

sk172184: Remote Access client behind NAT disconnects after 20 seconds in Visitor Mode

sk149232: Endpoint Security VPN client gets disconnected from the VPN approximately every 20 minutes

 

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos
the_rock
Legend
Legend

We had exact issue with a customer about 3 years ago and after multiple TAC sessions and debugs, issue simply resolved itself...how, I have no clue, we never found out, just one day everything worked.

Andy

0 Kudos
Srihari_E
Participant

yes, we have natting and ACL rules in router. But there is no any restrictions for ipsec. 

cisco 1111-4p is  not supporting snmp-server enable traps ipsec and ike commands.

0 Kudos
the_rock
Legend
Legend

I dont know if debug commands on Cisco router are same as on ASA, but if you type word debug, it may give you all the options. You can also probably try run capture to see if any issues.

Andy

0 Kudos
Chris_Atkinson
Employee Employee
Employee

4000 series appliance is EOL.

If the issue occured after swapping the router, how are the interface counters & QoS configuration?

CCSM R77/R80/ELITE
0 Kudos
Srihari_E
Participant

All other services are working fine, site to site vpn is also working fine. only remote vpn access is not working. \

Note: Remote access vpn is connecting and disconnecting after 5 seconds.

0 Kudos
the_rock
Legend
Legend

Did you consider links Tim and myself sent?

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events