GRE tunnel stops working inside a Site-to-Site VPN tunnel established with Check Point cluster
Symptoms
  • GRE tunnel suddenly stops working inside a Site-to-Site VPN tunnel:

    • between Check Point cluster and another Check Point Security Gateway / cluster
    • between Check Point cluster and 3rd party vendor

    Topology:
    [Check Point cluster] --- (VPN) --- [VPN peer]

  • Kernel debug ('fw ctl debug -m fw + drop') on Check Point cluster shows:
    ;fw_log_drop: Packet proto=47 X.X.X.X:0 -> Y.Y.Y.Y:port dropped by chain_ipsec_methods_ok Reason: vpn_decrypt_methods_ok failed;

  • Failover between Check Point cluster members does not help.
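To tell this symptom apart from ordinary rulebase drops in saved kernel debug output, the following added example (not Check Point code) parses drop lines in the format quoted above and counts GRE drops that failed the VPN decrypt check per source/destination pair. The sample lines and addresses are constructed, and the function names are hypothetical.

```python
import re
import sys
from collections import Counter

# Drop line format as quoted in the Symptoms section of this article.
DROP_RE = re.compile(
    r"fw_log_drop: Packet proto=(?P<proto>\d+) "
    r"(?P<src>[0-9.]+):(?P<sport>\d+) -> (?P<dst>[0-9.]+):(?P<dport>\d+) "
    r"dropped by (?P<chain>\S+) Reason: (?P<reason>[^;]+);"
)
GRE_PROTO = 47  # IP protocol number for GRE

def parse_drops(lines):
    """Yield one dict per drop line; lines in any other format are skipped."""
    for line in lines:
        m = DROP_RE.search(line)
        if m:
            rec = m.groupdict()
            rec["proto"] = int(rec["proto"])
            rec["reason"] = rec["reason"].strip()
            yield rec

def gre_vpn_drops(lines):
    """Count GRE packets dropped because the VPN decrypt check failed."""
    hits = Counter()
    for rec in parse_drops(lines):
        if (rec["proto"] == GRE_PROTO
                and rec["chain"] == "chain_ipsec_methods_ok"
                and rec["reason"] == "vpn_decrypt_methods_ok failed"):
            hits[(rec["src"], rec["dst"])] += 1
    return hits

# Constructed sample output (documentation addresses, not real captures).
SAMPLE = """\
;fw_log_drop: Packet proto=47 192.0.2.10:0 -> 198.51.100.20:0 dropped by chain_ipsec_methods_ok Reason: vpn_decrypt_methods_ok failed;
;fw_log_drop: Packet proto=47 192.0.2.10:0 -> 198.51.100.20:0 dropped by chain_ipsec_methods_ok Reason: vpn_decrypt_methods_ok failed;
;fw_log_drop: Packet proto=6 203.0.113.5:44321 -> 198.51.100.20:22 dropped by fw_handle_first_packet Reason: Rulebase drop - rule 12;
;fw_log_drop: Packet proto=47 192.0.2.77:0 -> 198.51.100.20:0 dropped by fw_handle_first_packet Reason: Rulebase drop - rule 12;
unrelated debug line
"""

if __name__ == "__main__":
    # Pass a saved debug output file as the first argument, or run on the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], errors="replace") as fh:
            lines = fh.readlines()
    else:
        lines = SAMPLE.splitlines()
    for (src, dst), count in gre_vpn_drops(lines).most_common():
        print(f"{count:6d}  GRE {src} -> {dst}  vpn_decrypt_methods_ok failed")
```

A non-empty result for the tunnel endpoints matches the symptom described here; GRE drops with a different chain function or reason point to a different cause.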

Cause

Possible synchronization issue between the Check Point cluster members.


Solution