CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


Thread: IPSEC tunnel see Phase1 and Phase 2 details from CLI

  1. #1 (posted by laf_c)

    Hi guys,

    Any chance I can see details about negotiated Phase 1 parameters from CLI?
    I have a site-to-site between two internally managed CPs and want to find out what the NEGOTIATED parameters for Phase 1 are.

    Other than the ike.elg output, is there any other magic CLI command?

    Thanks!

    L.E. I played a little with fw tab -t IKE_SA_table -s and couldn't find anything useful

  2. #2 (posted by ShadowPeak.com)

    Quote Originally Posted by laf_c:
    Hi guys,

    Any chance I can see details about negotiated Phase 1 parameters from CLI?
    I have a site-to-site between two internally managed CPs and want to find out what the NEGOTIATED parameters for Phase 1 are.

    Other than the ike.elg output, is there any other magic CLI command?

    Thanks!

    L.E. I played a little with fw tab -t IKE_SA_table -s and couldn't find anything useful
    The table you need to look in is MSPI_by_methods. May want to check out "sk104760: ATRG: VPN Core" when you get a chance, long but very useful reading.
    --
    Second Edition of my "Max Power" Firewall Book
    Now Available at http://www.maxpowerfirewalls.com

  3. #3 (posted by laf_c)

    Quote Originally Posted by ShadowPeak.com:
    The table you need to look in is MSPI_by_methods. May want to check out "sk104760: ATRG: VPN Core" when you get a chance, long but very useful reading.
    That's way better than I hoped.
    Now where can I find out more about the methods:

    15:42:20 6x.4y.6z.6 > : (+); PeerGW: 6x.4y.4z.4; ,Methods1: 533; ,Methods2: 2;

  4. #4 (posted by ShadowPeak.com)

    Quote Originally Posted by laf_c:
    That's way better than I hoped.
    Now where can I find out more about the methods:

    15:42:20 6x.4y.6z.6 > : (+); PeerGW: 6x.4y.4z.4; ,Methods1: 533; ,Methods2: 2;
    Did you try passing -f as an option?
    --
    Second Edition of my "Max Power" Firewall Book
    Now Available at http://www.maxpowerfirewalls.com

  5. #5 (posted by laf_c)

    Quote Originally Posted by ShadowPeak.com:
    Did you try passing -f as an option?
    Yep, I used -fr and it resulted in method ID 533. What is this supposed to mean?

  6. #6 (posted by ShadowPeak.com)

    Quote Originally Posted by laf_c:
    Yep, I used -fr and it resulted in method ID 533. What is this supposed to mean?
    Not sure, could be a bitmask indicating what protocols are in use or a key for referencing the actual settings in another table somewhere. Poked around for a while in /lib/ files and some other kernel tables and came up empty.
    --
    Second Edition of my "Max Power" Firewall Book
    Now Available at http://www.maxpowerfirewalls.com

  7. #7

    Quote Originally Posted by ShadowPeak.com:
    Not sure, could be a bitmask indicating what protocols are in use or a key for referencing the actual settings in another table somewhere. Poked around for a while in /lib/ files and some other kernel tables and came up empty.
    Yeah, I would guess enc and hashing. Try comparing with ikeview output.
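An added example (not from any poster in this thread, nor from Check Point) that parses the `fw tab -t MSPI_by_methods -f` line shape quoted in post #3 and groups the Methods1/Methods2 pairs per peer gateway, so a change in negotiated methods for a peer stands out without reading raw table dumps. The regex is assumed from the single quoted line, the sample addresses are constructed documentation-range values, and the bit decomposition only illustrates the bitmask hypothesis raised in post #6; the page does not say what the bits mean.

```python
import re
from dataclasses import dataclass

# Constructed sample modelled on the MSPI_by_methods line quoted in the thread.
# Addresses are documentation ranges (RFC 5737), not real gateways.
SAMPLE = """\
15:42:20 192.0.2.10 > : (+); PeerGW: 198.51.100.4; ,Methods1: 533; ,Methods2: 2;
15:42:21 192.0.2.10 > : (+); PeerGW: 198.51.100.4; ,Methods1: 533; ,Methods2: 2;
15:43:05 192.0.2.10 > : (+); PeerGW: 203.0.113.9; ,Methods1: 21; ,Methods2: 2;
this line does not look like a table entry and is skipped
"""

# Assumed field layout, derived from the one line posted in the thread.
LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2})\s+(?P<local>[\d.]+)\s+>.*?"
    r"PeerGW:\s*(?P<peer>[\d.]+);.*?Methods1:\s*(?P<m1>\d+);.*?Methods2:\s*(?P<m2>\d+);"
)


@dataclass(frozen=True)
class MspiEntry:
    time: str
    local: str
    peer: str
    methods1: int
    methods2: int


def parse_mspi(text):
    """Parse fw tab -f style output; lines that do not match are ignored."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(MspiEntry(m["time"], m["local"], m["peer"],
                                     int(m["m1"]), int(m["m2"])))
    return entries


def set_bits(value):
    """Bit positions set in a method ID, under the (unconfirmed) bitmask hypothesis."""
    return [i for i in range(value.bit_length()) if value >> i & 1]


def methods_by_peer(entries):
    """Distinct (Methods1, Methods2) pairs per peer; more than one pair means the
    negotiated methods for that peer changed between entries."""
    out = {}
    for e in entries:
        out.setdefault(e.peer, set()).add((e.methods1, e.methods2))
    return out


if __name__ == "__main__":
    for peer, pairs in methods_by_peer(parse_mspi(SAMPLE)).items():
        for m1, m2 in sorted(pairs):
            print(f"{peer}: Methods1={m1} bits={set_bits(m1)} Methods2={m2}")
```

Feed it real output with `fw tab -t MSPI_by_methods -f | python3 this_script.py` after swapping SAMPLE for `sys.stdin.read()`; compare the per-peer pairs against the proposals shown in ikeview to confirm what each ID corresponds to on your deployment.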
