Wednesday, February 20, 2008

CheckPoint VPN keepalive kills the tunnel

I had the strangest experience when setting up a CheckPoint VPN device the other day. The tunnel built fine, but sometime between a few seconds and 1-2 minutes after coming up fine, it logged a "no proposal chosen" and went dead again. I researched every parameter with no luck, until I came to a checkbox on the last screen of the CheckPoint's VPN tunnel wizard stating something like "Keep this tunnel alive." Naturally I had wanted to keep the tunnel up, so I had checked it.

Funny thing: not until I cleared it again did the tunnel become rock stable. So, as long as you don't ask it to, it keeps your tunnel alive. I guess it just does not like being pushed around...

3 comments:

Ilya said...

Thank you :) You've saved me a looooooong night of headaches...

J. Benoit said...

Just spent a few days fighting this very issue and even spent a couple hours on the phone with Checkpoint support... all to no avail. Thank you Nerd! This post is a winner!!

Botha Thiart said...

Just ran into the same problem with a site-to-site VPN between Checkpoint UTM and ZyWALL US100. Would've never tried it. Thanks.