
Hi there, one of our community members created a blog post with screen shots for this issue. I've included the high level steps below. Go here to see the detailed process with screen shots. First select GWA in the list and review if the tunnel in question is UP, DOWN or Up – Init. Up – Init means that it is trying to establish the tunnel, and will probably mean that in a few seconds the tunnel will go to DOWN state or UP state.

Now go to “Tunnels on Gateway” again and select GWB (if both gateways are managed by the same management server). One issue we could see here is for example that the tunnel is UP from GWA's perspective, but DOWN from GWB's perspective. If the “Permanent tunnel” is activated on the VPN community (both gateways need to be Check Point) they will exchange UDP tunnel test packages (Name: tunnel_test, UDP/18234). If GWA does not receive these packets, it will think the tunnel is down. However, we could be in a situation where packets from GWA to GWB arrive, but not in the opposite direction (GWB to GWA). We will then see that the tunnel looks to be up from one side, but not the other.

The reason for this is packets lost in transit, maybe due to DDoS protections, routing on the internet or other issues. If we have a tunnel from our Check Point gateway (GWA) to a non-Check Point gateway (GWB) we cannot use permanent tunnels. This means that the tunnel will be down, and not appear in this list until traffic is sent in it. So why it is down could be as simple as no traffic has been sent into the tunnel. Another issue could arise if GWB is not a Check Point gateway, but the permanent tunnel is activated anyway. The tunnel will then show as down from GWA's perspective since it assumes that GWB will send the tunnel test packages. Sort traffic with GWA as source, and GWB as destination. Then also check the other way around, GWA as destination and GWB as source. Here we could see if the PSK (pre-shared key) is incorrect for example, or if IKE packets are dropped.
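
The two-direction log check described in the steps, as an added example that is not part of the original post or of any Check Point tool. It assumes log records have already been reduced to a constructed `(source, destination, service, action)` tuple format (not Check Point's log export format) and reports, per direction, whether IKE or tunnel_test traffic between GWA and GWB was dropped or never seen.

```python
from collections import defaultdict

# Constructed sample records: (source, destination, service, action).
# IKE is seen both ways; tunnel_test (UDP/18234) only from GWA to GWB.
SAMPLE_LOGS = [
    ("GWA", "GWB", "IKE", "accept"),
    ("GWB", "GWA", "IKE", "accept"),
    ("GWA", "GWB", "tunnel_test", "accept"),
    ("GWA", "GWB", "tunnel_test", "accept"),
]

def summarize(logs, a="GWA", b="GWB"):
    """Count actions per (source, destination, service) for the gateway pair."""
    counts = defaultdict(lambda: defaultdict(int))
    for src, dst, service, action in logs:
        if {src, dst} == {a, b}:  # ignore traffic not between the two peers
            counts[(src, dst, service)][action] += 1
    return counts

def diagnose(logs, a="GWA", b="GWB", services=("IKE", "tunnel_test")):
    """Check each service in both directions, as in the manual log review."""
    counts = summarize(logs, a, b)
    findings = []
    for service in services:
        for src, dst in ((a, b), (b, a)):
            seen = counts[(src, dst, service)]
            if seen["drop"]:
                findings.append(f"{service} {src}->{dst}: dropped")
            elif not seen["accept"]:
                findings.append(f"{service} {src}->{dst}: not seen")
    return findings

def expected_down_views(logs, a="GWA", b="GWB"):
    """Gateways that would consider a permanent tunnel down because no
    tunnel_test packets from the peer were accepted."""
    counts = summarize(logs, a, b)
    return [dst for src, dst in ((a, b), (b, a))
            if not counts[(src, dst, "tunnel_test")]["accept"]]

if __name__ == "__main__":
    for finding in diagnose(SAMPLE_LOGS):
        print(finding)
    print("Tunnel seen as down by:", expected_down_views(SAMPLE_LOGS))
```
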
