The information you are about to copy is INTERNAL!
DO NOT share it with anyone outside Check Point.
Not possible to establish Site-to-Site VPN tunnel with LSV peer, which is a DAIP device
| Solution ID |
sk109473 |
| Product |
IPSec VPN |
| Version |
R77.30 |
| Platform / Model |
All |
| Date Created |
05-Jan-2016
|
| Last Modified |
26-Jan-2016
|
Symptoms
Not possible to establish Site-to-Site VPN tunnel with Large Scale VPN (LSV) peer, which is a DAIP device.
Debug of VPND daemon (per sk89940) during the issue shows that it crashes and is restarted right after the VPN peer is identified as LSV:
... ... ...
[ PID1][Date Time][LSV] matchPeerToLsvProfile: peer XXX matches LSV profile <Name_of_Profile>.
[ PID1][Date Time][] GetEntryCommunityLsvHash: CommunityLsvHash size = 1, received dn: <Name_of_Profile> as key, found community: <Name_of_Community>
[ PID1][Date Time][] FindCommonCommunity: Found common community <Name_of_Community> with LSV profile <Name_of_Profile>
[ikev2] getIKEVersionForCommunity: Community configured to use IKEv1 only.
[vpnd PID2 ...]@HostName[Date Time] vpnd: DDD MMM DD HH:MM:SS YYY
[vpnd PID2 ...]@HostName[Date Time] ------------ VPND Starting: DDD MMM DD HH:MM:SS YYY
... ... ...
$FWDIR/log/fwd.elg repeatedly shows "fwd: restarting vpnd".
After enabling generation of core dump files per sk92764 / sk53363, core dump files for 'VPND' process were generated in the /var/log/dump/usermode/ directory.
Cause
VPND daemon crashes during IKE Phase1 after the IP address of LSV peer, which is a DAIP device.
Solution
|
Note: To view this solution you need to
Sign In
.
|
