Instability issues in VPN Tunnel with Cisco using IKEv2

Support Center > Search Results > SecureKnowledge Details

Solution ID	sk116776
Product	IPSec VPN
Version	R77.30, R80.10, R80.20
Platform / Model	All
Date Created	09-Apr-2017
Last Modified	07-May-2019

Symptoms

Instability issues in VPN Tunnel with Cisco using IKEv2.
VPND crashes with core dump files during IKEv2 logs creation.

$FWDIR/log/vpnd.elg file on Check Point Security Gateway shows:

[ikev2] Message::decodeAllPayloads: payload 8: Notify (next=Notify)
[ikev2] NotifyPayload::Decode: Notify payload (type 16384) has no data
[ikev2] Message::decodeAllPayloads: payload 9: Notify (next=Notify)
[ikev2] Message::decodeAllPayloads: payload 10: Notify (next=Notify)
[ikev2] NotifyPayload::Decode: Notify payload (type 16394) has no data
[ikev2] Message::decodeAllPayloads: payload 11: Notify (next=None)
[ikev2] NotifyPayload::Decode: Notify payload (type 16395) has no data
[ikev2] ikev2_id_data_str: ID data type: 1

Cause

The Cisco peer is sending information bigger than the Check Point's buffer, causing the VPND to crash.

Solution

Note: To view this solution you need to Sign In .