CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


I'd like to thank everyone involved for making "The CPUG Challenge" a great success.
We helped a lot of people see and learn a bit more about R80.10, while having some fun.
We will be using this success to try and bring more events to more locations soon. -E

 

Results 1 to 3 of 3

Thread: VPN S2S CheckPoint x Aker

  1. #1
    Join Date
    2017-08-08
    Posts
    1
    Rep Power
    0

    Default VPN S2S CheckPoint x Aker

    Hello guys,
    We are having trouble establishing a VPN with Aker firewalll.
    The VPN goes up, is functional, after 8 hours (lifetime) I see in the Smartview Tracker the message (Informational Exchange Sent Delete IKE-SA to Peer:
    The VPN stays from 8 to 10 minutes without passing traffic, after this period everything returns to normal.

    Any suggestion?
    We checked the settings between CP and Aker.

  2. #2
    Join Date
    2009-04-30
    Location
    Colorado, USA
    Posts
    2,051
    Rep Power
    12

    Default Re: VPN S2S CheckPoint x Aker

    Quote Originally Posted by romarioah View Post
    Hello guys,
    We are having trouble establishing a VPN with Aker firewalll.
    The VPN goes up, is functional, after 8 hours (lifetime) I see in the Smartview Tracker the message (Informational Exchange Sent Delete IKE-SA to Peer:
    The VPN stays from 8 to 10 minutes without passing traffic, after this period everything returns to normal.

    Any suggestion?
    We checked the settings between CP and Aker.
    Just because the VPN tunnel can establish doesn't mean the IKE Phase 1 SA Lifetime (expressed in minutes on Check Point) and the Phase 2/IPsec SA Lifetime (expressed in seconds on Check Point) actually match between the two firewalls. Check them again.

    The Delete SA functionality typically doesn't work very well in an interoperable scenario so making absolutely sure the SA Lifetimes match is critical. Failing that you can enable DPD on the Aker and enable it on the Check Point side as specified in sk97746. Also make sure the Aker doesn't have a Data Lifesize or any kind of idle timer set for their tunnel to you, although those sound unlikely to be your problem based on what you are describing.
    --
    My book "Max Power: Check Point Firewall Performance Optimization"
    now available via http://maxpowerfirewalls.com.

  3. #3
    Join Date
    2007-06-04
    Posts
    3,235
    Rep Power
    15

    Default Re: VPN S2S CheckPoint x Aker

    https://supportcenter.checkpoint.com...08600#Scenario 4

    Possibly Scenario 4 in sk108600 occurring.

    When seen similar things to this then is how have resolved.

Similar Threads

  1. Checkpoint to checkpoint VPN and management server
    By carl_t in forum IPsec VPN Blade (Virtual Private Networks)
    Replies: 6
    Last Post: 2016-03-16, 08:14
  2. How to backup checkpoint through CLI in Nokia IP330 + Checkpoint NG FP1
    By stuart in forum Check Point Backup Procedures
    Replies: 0
    Last Post: 2007-04-05, 05:47
  3. Checkpoint to non-Checkpoint Config needed
    By lowfell in forum IPsec VPN Blade (Virtual Private Networks)
    Replies: 2
    Last Post: 2007-03-27, 12:25

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •