Site-to-Site VPN fails between Check Point Security Gateway and Check Point Virtual Appliance for Amazon Web Services (AWS)
| Solution ID | sk112141 |
| Technical Level | |
| Product | IPSec VPN |
| Version | R77.30 (EOL) |
| OS | Gaia |
| Platform / Model | AWS |
| Date Created | 26-Jun-2016 |
| Last Modified | 01-Nov-2020 |
Symptoms
Site-to-Site VPN fails between Check Point Security Gateway and Check Point Virtual Appliance for Amazon Web Services (AWS).
Traffic capture shows:
- Tunnel is initiated from Check Point Security Gateway to Check Point Virtual Appliance for AWS
- The IKEv1 Quick Mode is completed
- Immediately, Check Point Virtual Appliance for AWS sends a "Delete" message
Output of "fw tab -t TABLE_NAME -s" command on Check Point Virtual Appliance for AWS shows that the relevant kernel tables are not full:
- ike2esp
- vpn_queues
- peer2ike
- ike2peer
- ikev2_sas
Kernel debug ('fw ctl debug -m VPN + warn mspi') on Check Point Virtual Appliance for AWS repeatedly shows:
;store_outbound_spi_in_msa: allocating esp sa in meta sa of mspi = ...;
;store_outbound_spi_in_msa: re-aligning processed key;
;store_outbound_spi_in_msa: ERROR: could not get kbuf;
;store_spi_in_table_ex: failed to store outbound esp SA;
Solution
Note: To view this solution you need to Sign In.