The information you are about to copy is INTERNAL!
DO NOT share it with anyone outside Check Point.
|
VPN tunnel between Security Gateways fails for no apparent reason, and kernel debug shows '...dropped by vpn_encrypt_chain Reason: no reason'
|
Technical Level
|
| Solution ID |
sk44576 |
| Technical Level |
|
| Product |
IPSec VPN, ClusterXL, Cluster - 3rd-party, Quantum Security Gateways |
| Version |
R77.20 (EOL), R77.30 (EOL) |
| Platform / Model |
All |
| Date Created |
12-Apr-2010
|
| Last Modified |
05-Feb-2023
|
Symptoms
- VPN tunnel between Security Gateways fails for no apparent reason.
- IKE debug (per sk180488) shows a failure on Phase 1 (Main Mode) - Packet 1 is sent to the VPN peer, and VPN peer sends a reply packet. IKE negotiation does not proceed.
- Kernel debug ('
fw ctl debug -m fw + drop') shows that the reply packet from VPN peer is '...dropped by vpn_encrypt_chain Reason: no reason'.
- Configuration in SmartDashboard has been verified for IKE Phase 1 and IKE Phase 2.
- Either Traditional VPN, or Simplified VPN mode is used.
- Issue occurs in cluster environment.
Cause
The VPND daemon fails to pass the packet to ClusterXL layer.
Solution
|
Note: To view this solution you need to
Sign In
.
|
