CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


Tim Hall has done it again! He has just released the 2nd edition of "Max Power".
Rather than get into details here, I urge you to check out this announcement post.
It's a massive upgrade, and well worth checking out. -E

 

Results 1 to 3 of 3

Thread: S2S VPN is getting disconnected frequently

  1. #1
    Join Date
    2012-06-13
    Posts
    366
    Rep Power
    7

    Default S2S VPN is getting disconnected frequently

    Hi there,

    I have two firewalls being managed by same mgmt server and suddenly I started facing issue with VPN. The tunnel between these two firewalls goes down very frequently. If I reset it from one of the firewall it starts. While debugging I noticed that in VPN tu command I see two SAs are being created for P1 and if I delete it by option 7; It starts perfectly

    I did all the troubleshooting but unable to find any clue. Can someone please shed some light on the issue?

  2. #2
    Join Date
    2012-07-10
    Location
    Zurich, Switzerland
    Posts
    257
    Rep Power
    7

    Default Re: S2S VPN is getting disconnected frequently

    Go to $FWDIR/log on both firewalls and perform the following commands:

    vpn debug on
    vpn debug ikeon

    Let the debug run for some time and check if the file $FWDIR/log/ike.elg is growing.

    Then stop the vpn debug with
    vpn debug ikeoff
    vpn debug off

    Then copy the file ike.elg from the firewall gateways to your local machine and open them with the IKEVIEW utility.
    It lets you analyse in detail what the 2 gateways exactly negotiate in P1 and P2

    hth

  3. #3
    Join Date
    2012-06-13
    Posts
    366
    Rep Power
    7

    Default Re: S2S VPN is getting disconnected frequently

    Hahah...dont you think I have not done that? That is the first thing I done and it does not show anything. However I found below error while doing fw ctl zdebug

    dropped by do_outbound, reason: encryption failed

Similar Threads

  1. Replies: 22
    Last Post: 2016-06-12, 09:02
  2. clusterXL switch each other frequently
    By erniehong in forum Check Point SecurePlatform (SPLAT)
    Replies: 1
    Last Post: 2013-01-10, 14:33
  3. VPN is disconnecting frequently with Peer Cisco
    By brijesh_techno in forum IPsec VPN Blade (Virtual Private Networks)
    Replies: 9
    Last Post: 2009-04-23, 15:33
  4. Nortel director going down frequently
    By bravobritto in forum Nortel ASF/NSF
    Replies: 9
    Last Post: 2007-12-19, 01:51
  5. VPN Tunnels are down frequently
    By sameer_rane in forum IPsec VPN Blade (Virtual Private Networks)
    Replies: 3
    Last Post: 2007-10-19, 06:12

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •