The information you are about to copy is INTERNAL!
DO NOT share it with anyone outside Check Point.
Site-to-Site VPN fails between Check Point Security Gateway and Check Point Virtual Appliance for Amazon Web Services (AWS)
| Solution ID |
sk112141 |
| Product |
vSEC for AWS |
| Version |
R77.30 |
| OS |
Gaia |
| Platform / Model |
AWS |
| Date Created |
26-Jun-2016
|
| Last Modified |
17-Jul-2017
|
Symptoms
Site-to-Site VPN fails between Check Point Security Gateway and Check Point Virtual Appliance for Amazon Web Services (AWS).
Traffic capture shows:
- Tunnel is initiated from Check Point Security Gateway to Check Point Virtual Appliance for AWS
- The IKEv1 Quick Mode is completed
- Immediately, Check Point Virtual Appliance for AWS sends a "Delete" message
Output of "fw tab -t TABLE_NAME -s" command on Check Point Virtual Appliance for AWS shows that the relevant kernel tables are not full:
ike2espvpn_queuespeer2ikeike2peerikev2_sas
Kernel debug ('fw ctl debug -m VPN + warn mspi') on Check Point Virtual Appliance for AWS repeatedly shows:
;store_outbound_spi_in_msa: allocating esp sa in meta sa of mspi = ...;
;store_outbound_spi_in_msa: re-aligning processed key;
;store_outbound_spi_in_msa: ERROR: could not get kbuf;
;store_spi_in_table_ex: failed to store outbound esp SA;
Solution
|
Note: To view this solution you need to
Sign In
.
|
