Support Center > Search Results > SecureKnowledge Details
Site-to-Site VPN tunnel fails after some time and has to be renegotiated, if the IKEv2 SA was initiated by the peer
Symptoms
  • Site-to-Site VPN tunnel fails after some time and has to be renegotiated, if the IKEv2 SA was initiated by the peer.
Cause

When a VPN peer rekeys the IKS SA in Create Child SA (CREATE_CHILD_SA) message exchange, Check Point Security Gateway incorrectly sends Initial Exchange messages instead of Create Child SA (CREATE_CHILD_SA) message.


Solution
Note: To view this solution you need to Sign In .