Checkpoint Configuration Considerations for VPNaaS and Corente Service Gateway
Last updated on APRIL 26, 2018
Applies to:Corente Cloud Services Exchange - Version 9.4 and later
Information in this document applies to any platform.
When partnering a Checkpoint VPN device with a VPN as a Service gateway (VPNaaS) or Corente Cloud Service Gateway (CSG), traffic does not appropriately traverse the VPN tunnel. In reviewing the connection, the following may be noted:
- Both the VPNaaS/CSG tunnel status and the Checkpoint tunnel status will report as "Up".
- The Checkpoint logs may report "Invalid SA" (security association) for the interesting traffic.
- VPNaaS/CSG logs will show the following type of messages in the secure log file:
>< >pluto: "T.< >.< >" #998: cannot respond to IPsec SA request because no connection is known for < >()===< >[< >]...< >===< >()
>< >pluto: "T.< >.< >" #998: sending encrypted notification INVALID_ID_INFORMATION to < >:4500
- NOTE: <
>is a local ID to the VPNaaS/CSG and is not pertinent to the customer connection, although it may be helpful in determining which SA the VPNaaS/CSG is referencing.
- NOTE: <
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms