Site-to-Site VPN fails between Check Point Security Gateway and Check Point Virtual Appliance for Amazon Web Services (AWS)
Symptoms
  • Site-to-Site VPN fails between Check Point Security Gateway and Check Point Virtual Appliance for Amazon Web Services (AWS).

  • Traffic capture shows:

    1. Tunnel is initiated from Check Point Security Gateway to Check Point Virtual Appliance for AWS
    2. The IKEv1 Quick Mode is completed
    3. Immediately, Check Point Virtual Appliance for AWS sends a "Delete" message
  • Output of "fw tab -t TABLE_NAME -s" command on Check Point Virtual Appliance for AWS shows that the relevant kernel tables are not full:

    • ike2esp
    • vpn_queues
    • peer2ike
    • ike2peer
    • ikev2_sas
  • Kernel debug ('fw ctl debug -m VPN + warn mspi') on Check Point Virtual Appliance for AWS repeatedly shows:

    ;store_outbound_spi_in_msa: allocating esp sa in meta sa of mspi = ...;
    ;store_outbound_spi_in_msa: re-aligning processed key;
    ;store_outbound_spi_in_msa: ERROR: could not get kbuf;
    ;store_spi_in_table_ex: failed to store outbound esp SA;
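
To confirm that a gateway is hitting this exact failure and not just logging ordinary SA allocation, the following added example (not part of the original article and not a Check Point tool) counts how many outbound ESP SA store attempts in a saved debug capture end in the `could not get kbuf` / `failed to store outbound esp SA` pair. The function names, the capture file and the sample lines are assumptions constructed from the messages quoted above; the middle attempt in the sample is a constructed case with no error lines.

```shell
#!/bin/sh
# Added example: count outbound ESP SA store attempts and kbuf failures in a
# saved kernel debug capture. Matching is by substring, so any prefix the
# debug output puts in front of each message is ignored.

count_kbuf_failures() {
    # $1 = path to the saved debug output (assumed to be a plain-text file)
    awk '
        /store_outbound_spi_in_msa: allocating esp sa in meta sa/ {
            # A new attempt starts; forget any half-matched earlier sequence.
            attempts++; pending = 1; kbuf = 0; next
        }
        pending && /store_outbound_spi_in_msa: ERROR: could not get kbuf/ {
            kbuf = 1; next
        }
        kbuf && /store_spi_in_table_ex: failed to store outbound esp SA/ {
            # Full signature seen: allocation, kbuf error, store failure.
            failures++; pending = 0; kbuf = 0; next
        }
        END { printf "attempts=%d failures=%d\n", attempts, failures }
    ' "$1"
}

write_sample() {
    # Constructed sample built from the lines quoted in the article.
    cat > "$1" <<'EOF'
;store_outbound_spi_in_msa: allocating esp sa in meta sa of mspi = ...;
;store_outbound_spi_in_msa: re-aligning processed key;
;store_outbound_spi_in_msa: ERROR: could not get kbuf;
;store_spi_in_table_ex: failed to store outbound esp SA;
;store_outbound_spi_in_msa: allocating esp sa in meta sa of mspi = ...;
;store_outbound_spi_in_msa: re-aligning processed key;
;store_outbound_spi_in_msa: allocating esp sa in meta sa of mspi = ...;
;store_outbound_spi_in_msa: re-aligning processed key;
;store_outbound_spi_in_msa: ERROR: could not get kbuf;
;store_spi_in_table_ex: failed to store outbound esp SA;
EOF
}

sample=$(mktemp)
write_sample "$sample"
count_kbuf_failures "$sample"
rm -f "$sample"
```

A failure count equal or close to the attempt count matches the "repeatedly shows" symptom; a capture with attempts but no failures points to a different cause.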
Solution
Note: To view this solution you need to Sign In.