CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


Tim Hall has done it again! He has just released the 2nd edition of "Max Power".
Rather than get into details here, I urge you to check out this announcement post.
It's a massive upgrade, and well worth checking out. -E

 

Results 1 to 5 of 5

Thread: site-to-site VPN issues, connection dropping during data transfers

  1. #1
    Join Date
    2017-11-07
    Posts
    1
    Rep Power
    0

    Default site-to-site VPN issues, connection dropping during data transfers

    Hi,

    Hope somebody can help, we have two issues developing with site-to-site VPN connections (different tunnels) The users are connecting and the tunnel comes up and they start work, One is a sftp transfer and the other is a data export. During this time (randomly) the connection fails and they have to reconnect, sometimes it comes back up straight away or takes a few minutes. I'm new to checkpoint and would like some pointers as to were to start to trouble shoot this issue please.

    R77.30
    Hardware 4000 appliance
    Clustered

    Thanks for your time,
    MarkL

  2. #2
    Join Date
    2006-09-26
    Posts
    3,140
    Rep Power
    15

    Default Re: site-to-site VPN issues, connection dropping during data transfers

    Quote Originally Posted by MarkL View Post
    Hi,

    Hope somebody can help, we have two issues developing with site-to-site VPN connections (different tunnels) The users are connecting and the tunnel comes up and they start work, One is a sftp transfer and the other is a data export. During this time (randomly) the connection fails and they have to reconnect, sometimes it comes back up straight away or takes a few minutes. I'm new to checkpoint and would like some pointers as to were to start to trouble shoot this issue please.

    R77.30
    Hardware 4000 appliance
    Clustered

    Thanks for your time,
    MarkL
    need more info:

    1- Your checkpoint: Are you running any Jumbo Hotfix? Please share the output of "installed_jumbo_take" on both the management and the gateways.
    2- What is on the other side? Is it also checkpoint or something else?
    3- do you have identical encryption domain on both ends?
    4- do you have identical phase I and phase II timeout settings on both sides?
    5- When it is NOT working, did you run "tcpdump -nnni host x.x.x.x \(port 500 or port 4500 or proto 50\) to confirm that ESP traffics is leaving your checkpoint box?
    6- did you enable "vpndebug ike on" and look at the ike.elg file via IKEView?

    Please share those info and we can hopefully help.

  3. #3
    Join Date
    2011-08-02
    Location
    http://spikefishsolutions.com
    Posts
    1,622
    Rep Power
    9

    Default Re: site-to-site VPN issues, connection dropping during data transfers

    Quote Originally Posted by MarkL View Post
    Hi,

    Hope somebody can help, we have two issues developing with site-to-site VPN connections (different tunnels) The users are connecting and the tunnel comes up and they start work, One is a sftp transfer and the other is a data export. During this time (randomly) the connection fails and they have to reconnect, sometimes it comes back up straight away or takes a few minutes. I'm new to checkpoint and would like some pointers as to were to start to trouble shoot this issue please.

    R77.30
    Hardware 4000 appliance
    Clustered

    Thanks for your time,
    MarkL
    maybe sk106591?

  4. #4
    Join Date
    2006-09-26
    Posts
    3,140
    Rep Power
    15

    Default Re: site-to-site VPN issues, connection dropping during data transfers

    Quote Originally Posted by jflemingeds View Post
    maybe sk106591?

    sk106591 talked about Endpoint VPN client. How does it apply to Site-2-Site VPN? they are two different right?

  5. #5
    Join Date
    2011-08-02
    Location
    http://spikefishsolutions.com
    Posts
    1,622
    Rep Power
    9

    Default Re: site-to-site VPN issues, connection dropping during data transfers

    Quote Originally Posted by cciesec2006 View Post
    sk106591 talked about Endpoint VPN client. How does it apply to Site-2-Site VPN? they are two different right?
    Hmm yes they are two different. Not sure where I got this being end point issue.

Similar Threads

  1. R77.30 and strongswan site to site security association issues
    By cpdre in forum IPsec VPN Blade (Virtual Private Networks)
    Replies: 2
    Last Post: 2016-12-05, 16:43
  2. Strange NAT issues over site to site VPN - 2 x R70.10 splat peers
    By dmease in forum IPsec VPN Blade (Virtual Private Networks)
    Replies: 2
    Last Post: 2011-08-15, 15:36
  3. UTM-1 Edge Site-to-Site VPN issues between NGX R65 and NGX R71.30
    By mick.ryan@cca.com in forum Check Point UTM-1 Edge Appliances
    Replies: 1
    Last Post: 2011-05-26, 15:43
  4. Issues in site-to-site VPN b/w Checkpoint R65 and Netscreen
    By dreambuddy in forum Interoperability
    Replies: 6
    Last Post: 2008-08-13, 19:25
  5. Site-to-Site VPN routing issues
    By mogmismo in forum IPsec VPN Blade (Virtual Private Networks)
    Replies: 4
    Last Post: 2007-07-30, 02:36

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •