0 votes
255 views 0 comments
by anonymous

Hi,

I have a problem with my IPsec VPN.

Communication is going only one way, right to left and not left to right.

Here is my configuration:

version 2

conn GMDS-GMDS_c
  left=%any
  right=xxx.xxx.xxx.179
  leftfirewall=no
  rightfirewall=no
  ikelifetime=86400
  lifetime=3600
  margintime=9m
  keyingtries=3
  dpdaction=restart
  dpddelay=30s
  dpdtimeout=90s
  leftauth=psk
  rightauth=psk
  auto=start
  leftsubnet=192.168.139.0/24
  leftid=xxx.xxx.xxx.206
  rightid=xxx.xxx.xxx.179
  forceencaps=no
  type=tunnel
  keyexchange=ikev1
  esp=aes128-sha1-modp2048
  ike=aes256-sha1-modp2048
  rightsubnet=192.168.10.0/24

I got this message in the logs:

Fri Mar  4 14:21:58 2022 daemon.info ipsec: 12[ENC] parsed QUICK_MODE request 439155404 [ HASH SA No KE ID ID ]
Fri Mar  4 14:21:58 2022 daemon.info ipsec: 12[IKE] no matching CHILD_SA config found for xxx.xxx.xxx.179/32 === 192.168.139.0/24
Fri Mar  4 14:21:58 2022 daemon.info ipsec: 12[ENC] generating INFORMATIONAL_V1 request 3768255409 [ HASH N(INVAL_ID) ]
Fri Mar  4 14:21:58 2022 daemon.info ipsec: 12[NET] sending packet: from xxx.xxx.xxx.236[500] to xxx.xxx.xxx.179[500] (76 bytes)
Fri Mar  4 14:22:00 2022 daemon.info ipsec: 13[NET] received packet: from xxx.xxx.xxx.179[500] to xxx.xxx.xxx.236[500] (428 bytes)
Fri Mar  4 14:22:00 2022 daemon.info ipsec: 13[IKE] received retransmit of request with ID 439155404, but no response to retransmit
Fri Mar  4 14:22:02 2022 daemon.info ipsec: 15[NET] received packet: from xxx.xxx.xxx.179[500] to xxx.xxx.xxx.236[500] (428 bytes)
Fri Mar  4 14:22:02 2022 daemon.info ipsec: 15[IKE] received retransmit of request with ID 439155404, but no response to retransmit

What is the problem in my config?

Phase1 and 2 are both identical.
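
Added example, not part of the original post: a small Python check that compares the traffic selectors named in the `no matching CHILD_SA config found` log line with the `leftsubnet`/`rightsubnet` values of the conn. The config excerpt and log line are copied from the post as sample input; the function names are illustrative, matching is simplified to "equal or contained", and masked addresses are compared as text.

```python
import ipaddress
import re

# Sample input constructed from the conn section and log line quoted in the post.
CONF = """\
conn GMDS-GMDS_c
  right=xxx.xxx.xxx.179
  leftsubnet=192.168.139.0/24
  rightsubnet=192.168.10.0/24
"""
LOG = ("Fri Mar  4 14:21:58 2022 daemon.info ipsec: 12[IKE] no matching CHILD_SA "
       "config found for xxx.xxx.xxx.179/32 === 192.168.139.0/24")
TS_RE = re.compile(r"no matching CHILD_SA config found for (\S+) === (\S+)")


def configured_subnets(conf):
    """Return the leftsubnet/rightsubnet values found in an ipsec.conf conn body."""
    subnets = {}
    for line in conf.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key in ("leftsubnet", "rightsubnet"):
            subnets[key] = value.strip()
    return subnets


def covered(selector, subnet):
    """True if the proposed selector equals the subnet or lies inside it."""
    try:
        sel = ipaddress.ip_network(selector, strict=False)
        net = ipaddress.ip_network(subnet, strict=False)
        return sel.version == net.version and sel.subnet_of(net)
    except ValueError:
        # Masked addresses (xxx.xxx.xxx.179/32) cannot be parsed; compare as text.
        return selector == subnet


def unmatched_selectors(log, conf):
    """List proposed selectors from rejection lines that no configured subnet covers."""
    subnets = list(configured_subnets(conf).values())
    missing = []
    for match in TS_RE.finditer(log):
        for selector in match.groups():
            if not any(covered(selector, net) for net in subnets):
                missing.append(selector)
    return missing


if __name__ == "__main__":
    print(unmatched_selectors(LOG, CONF))
```

On the sample input this reports `xxx.xxx.xxx.179/32`: the peer's quick mode request names its own address as a /32 selector, while the conn only defines `192.168.139.0/24` and `192.168.10.0/24`.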

1 Answer

0 votes
by anonymous

Hello,

I have had a similar question in the past. Here is a screenshot from the Checkpoint VPN admin guide:

It seems that the Link Selection feature is a proprietary Checkpoint feature, and therefore works only between Checkpoint devices. Have you tried to contact Checkpoint support? We see the need for mutual cooperation and clarification. As I see it, Checkpoint declares it's not supported for non-Checkpoint devices.

Regards.