Sometimes a VPN tunnel needs to be reset. On Check Point firewalls this is done by removing the IPsec/IKE SAs for that tunnel with the “vpn tu” command.
To reset a VPN tunnel, do the following:
- Log in to the firewall CLI and open the VPN tunnel utility:
```
cp> vpn tu

********** Select Option **********

(1) List all IKE SAs
(2) List all IPsec SAs
(3) List all IKE SAs for a given peer (GW) or user (Client)
(4) List all IPsec SAs for a given peer (GW) or user (Client)
(5) Delete all IPsec SAs for a given peer (GW)
(6) Delete all IPsec SAs for a given User (Client)
(7) Delete all IPsec+IKE SAs for a given peer (GW)
(8) Delete all IPsec+IKE SAs for a given User (Client)
(9) Delete all IPsec SAs for ALL peers and users
(0) Delete all IPsec+IKE SAs for ALL peers and users

(Q) Quit
```
- Press 7, enter the peer gateway's IP address and press Enter twice:
```
*******************************************
7
Enter IP of peer (format: xxx.xxx.xxx.xxx): 123.123.123.123
Hit <Enter> key to continue ...
```
- List the IPsec and IKE SAs to check whether they have reappeared for your gateway. In some setups you may need to try to access the VPN connection before the tunnel is actually renegotiated.
February 21, 2019 at 10:08
Perfect.