Support Center > Search Results > SecureKnowledge Details
Permanent VPN Tunnel between DAIP Gateway and Check Point Security Gateway reported as 'Down' although it is really 'Up' Technical Level
Symptoms
  • Permanent VPN Tunnel between DAIP Gateway and Check Point Security Gateway R80.20 /R80.30 reported as 'Down', although it is really 'Up'
  • Working Tunnel test packet's Source and Destination addresses change as they go through the kernel chains, but they are changed back to the original addresses when they leave the gateway.

    Non-working Tunnel test packets do not switch back to the original addresses.
  • When the Source and Destination addresses are not switched back to the original addresses, the request and response are handled in different cores.
  • Drop is seen as due to "According to the policy the packet should not have been decrypted".
Cause

Tunnel test requests and replies handled in different instances.


Solution
Note: To view this solution you need to Sign In .