CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.



Thread: Internet Requirements for a VPN Tunnel

  1. #1
    Join Date
    2017-02-06
    Posts
    16
    Rep Power
    0

    Internet Requirements for a VPN Tunnel

    We are having issues with many of our VPN tunnels; they are going up and down almost constantly. We are wondering if it may be due to inadequate internet services. Does anyone know what the minimum internet requirements would be for a stable tunnel? Do they have to have the same up/down speed? Do they have to have the same speed as the connection they are peering to? We have 25 up and 5 down at the remote locations and at the peer point (but are getting ready to change the peer to 200/200). Thoughts? Does anyone have any idea where I might find articles on it?

    Any insight is appreciated.

  2. #2
    Join Date
    2009-04-30
    Location
    Colorado, USA
    Posts
    2,252
    Rep Power
    16

    Re: Internet Requirements for a VPN Tunnel

    Originally posted by terri8369:
    We are having issues with many of our VPN tunnels; they are going up and down almost constantly. We are wondering if it may be due to inadequate internet services. Does anyone know what the minimum internet requirements would be for a stable tunnel? Do they have to have the same up/down speed? Do they have to have the same speed as the connection they are peering to? We have 25 up and 5 down at the remote locations and at the peer point (but are getting ready to change the peer to 200/200). Thoughts? Does anyone have any idea where I might find articles on it?

    Any insight is appreciated.

    Up/down speeds should not matter unless there is ridiculously high jitter and/or packet loss. The only ports that typically need to be passed are UDP/500, ESP (IP Proto 50) and perhaps UDP/4500 if NAT is present between the two endpoints.

    More likely culprits for tunnels dying prematurely are mismatched Phase 1 and Phase 2 SA Lifetimes, mismatched or nonexistent Data Size Lifetimes, or the use of a VPN Idle timer on one side. If the VPN is between a Check Point and any other vendor, Delete SAs don't seem to work properly, so anything that brings the tunnel down early will cause the tunnel to hang.

    If you could post some more details of what you are seeing I can diagnose further.
    --
    Third Edition of my "Max Power 2020" Firewall Book
    Now Available at http://www.maxpowerfirewalls.com
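
One way to test the lifetime and idle-timer explanation in the reply above against observed flaps, as an added example that is not part of the thread: it lists the settings that differ between the two peers and checks whether the gaps between tunnel drops are regular and line up with one of the configured timers. The settings, timestamps, key names and function names are all constructed assumptions; regular gaps that match a timer point at that timer, while irregular gaps suggest looking at loss and jitter instead.

```python
from datetime import datetime
from statistics import median

# Constructed settings for the two peers (not from the thread).
# Lifetimes and idle timeout in seconds, data-size lifetime in KB.
LOCAL = {"phase1_lifetime": 86400, "phase2_lifetime": 3600,
         "data_size_kb": None, "idle_timeout": None}
REMOTE = {"phase1_lifetime": 86400, "phase2_lifetime": 28800,
          "data_size_kb": 4608000, "idle_timeout": 1800}

# Constructed tunnel-down timestamps, as might be collected from gateway logs.
DROPS = ["2020-05-01 08:00:12", "2020-05-01 09:00:15",
         "2020-05-01 10:00:11", "2020-05-01 11:00:14"]


def mismatches(a, b):
    """Return {setting: (a_value, b_value)} for every setting that differs."""
    return {k: (a[k], b.get(k)) for k in a if a[k] != b.get(k)}


def drop_intervals(stamps):
    """Seconds between consecutive tunnel-down events."""
    t = sorted(datetime.strptime(s, "%Y-%m-%d %H:%M:%S") for s in stamps)
    return [(later - earlier).total_seconds() for earlier, later in zip(t, t[1:])]


def matching_timer(stamps, a, b, tolerance=0.05):
    """Name the timer whose value matches a regular drop period, else None."""
    gaps = drop_intervals(stamps)
    if len(gaps) < 2:
        return None  # too few drops to call anything periodic
    period = median(gaps)
    # Require regularity: every gap must sit close to the median gap.
    if any(abs(g - period) > tolerance * period for g in gaps):
        return None
    for key in ("phase2_lifetime", "phase1_lifetime", "idle_timeout"):
        for side, cfg in (("local", a), ("remote", b)):
            value = cfg.get(key)
            if value and abs(period - value) <= tolerance * value:
                return f"{side} {key}"
    return None


if __name__ == "__main__":
    for setting, (lv, rv) in mismatches(LOCAL, REMOTE).items():
        print(f"mismatch {setting}: local={lv} remote={rv}")
    print("drop period matches:", matching_timer(DROPS, LOCAL, REMOTE))
```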
