The information you are about to copy is INTERNAL!
DO NOT share it with anyone outside Check Point.
VPN tunnel of LSM gateway can not be established when CO gateway is managed by Security Management of higher version
Technical Level
Solution ID
sk106628
Technical Level
Product
IPSec VPN, SmartProvisioning
Version
R77.30, R80, R80.20, R80.30
Platform / Model
All
Date Created
28-Jun-2015
Last Modified
04-Feb-2020
Symptoms
VPN tunnel of LSM gateway can not be established when CO gateway is managed by Security Management of higher version
SmartView Tracker logs and Logs on satellite Edge devices show:
invalid id information
No response from peer
When "Update Corporate Office Gateway" action is performed in SmartProvisioning GUI, the issue is resolved.
SmartView Monitor does not show VPN tunnels from Edge devices.
Issue may start after a ISP disconnection or change.
vpnd.elg show the following:
[ 13110][18 Mar 13:45:25][] ndb_open: database 'magic number' corrupted(/opt/CPsuite-R77/fw1/state/local/FW1/robo-IKE.NDB)
[ 13110][18 Mar 13:45:25][] GetRoboRecord : Failed to open IKE DB -- Maybe not CO Gateway
[ 13110][18 Mar 13:45:25][] GetRoboObject : Failed to get ROBO object from database.
Cause
$FWDIR/conf/robo-IKE.NDB file is not copied from the Security Management Server to the central office gateway when policy is installed via SmartDashboard\SmartConsole.
