Reset a VPN tunnel in CheckPoint R77.30 or earlier

Sometimes a VPN tunnel needs to be reset. On CheckPoint firewalls this is done by deleting the IPsec and IKE SAs that belong to that tunnel with the "vpn tu" (VPN tunnel utility) command; the peers then negotiate fresh SAs the next time traffic needs the tunnel.
To reset the VPN tunnel do the following:

  1. Log in to the firewall CLI and open the VPN tunnel utility:
    cp> vpn tu
    
    **********     Select Option     **********
    
    (1) List all IKE SAs
    
    (2) List all IPsec SAs
    
    (3) List all IKE SAs for a given peer (GW) or user (Client)
    
    (4) List all IPsec SAs for a given peer (GW) or user (Client)
    
    (5) Delete all IPsec SAs for a given peer (GW)
    
    (6) Delete all IPsec SAs for a given User (Client)
    
    (7) Delete all IPsec+IKE SAs for a given peer (GW)
    
    (8) Delete all IPsec+IKE SAs for a given User (Client)
    
    (9) Delete all IPsec SAs for ALL peers and users
    
    (0) Delete all IPsec+IKE SAs for ALL peers and users
    
    (Q) Quit
  2. Press 7, enter the IP address of the peer gateway and press Enter twice (once after the address, once at the "Hit <Enter>" prompt). Note that option 7 removes every IPsec and IKE SA with that gateway, so all tunnels to that peer are torn down, not only the one you are troubleshooting; check the address before confirming:
    *******************************************
    
    7
    
    Enter IP of peer (format: xxx.xxx.xxx.xxx): 123.123.123.123
    
    Hit <Enter> key to continue ...
  3. List the IKE and IPsec SAs for your gateway again (options 3 and 4) to see whether they have reappeared. SAs are only renegotiated on demand, so in some setups you will have to send traffic through the tunnel (for example, ping a host behind the peer) before the new SAs show up.
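The three steps above can be wrapped in a small script so a peer reset is repeatable and the peer address is validated before anything is deleted. This is an added example, not code from the original post or from Check Point. It assumes that "vpn tu" reads its menu answers from standard input so the keystrokes can be piped in; if your build insists on a terminal, feed the same key sequence with expect instead. The VPN_TU_CMD variable and the function names are this example's own.

```shell
#!/bin/sh
# Added example: script the "vpn tu" reset described in the post.
# Assumption: "vpn tu" accepts its menu answers on stdin. Override
# VPN_TU_CMD (e.g. VPN_TU_CMD=cat) to see the keystrokes without
# touching the firewall.
VPN_TU_CMD="${VPN_TU_CMD:-vpn tu}"

# Return 0 if $1 is a dotted-quad IPv4 address with every octet in 0..255.
# Option 7 deletes every SA with the given peer, so a typo here would
# drop the wrong gateway's tunnels; refuse anything that is not an address.
is_ipv4() {
    ip=$1
    case $ip in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    set -- $(printf '%s' "$ip" | tr '.' ' ')
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# Keystrokes for menu option 7 (delete all IPsec+IKE SAs for one peer GW):
# "7", the peer IP, an empty line for "Hit <Enter> key to continue",
# then "Q" to leave the menu.
reset_sequence() {
    printf '7\n%s\n\nQ\n' "$1"
}

# Keystrokes for option 3 (list IKE SAs for the peer), used to check whether
# the SAs have come back. Assumption: option 3 prompts for the peer IP the
# same way option 7 does.
list_ike_sequence() {
    printf '3\n%s\n\nQ\n' "$1"
}

# Reset the tunnel to peer $1. Returns 2 on a malformed address without
# running anything; otherwise returns the exit status of "vpn tu".
reset_peer() {
    peer=$1
    if ! is_ipv4 "$peer"; then
        printf 'reset_peer: not an IPv4 address: %s\n' "$peer" >&2
        return 2
    fi
    reset_sequence "$peer" | $VPN_TU_CMD
}

# Usage: ./reset_vpn_peer.sh <peer-gw-ip> [host-behind-peer]
# The optional host is pinged after the reset to generate traffic, because
# the SAs are only renegotiated once something actually needs the tunnel.
main() {
    peer=$1
    probe=$2
    if [ -z "$peer" ]; then
        echo "usage: $0 <peer-gw-ip> [host-behind-peer]" >&2
        return 1
    fi
    reset_peer "$peer" || return $?
    if [ -n "$probe" ]; then
        ping -c 3 "$probe" >/dev/null 2>&1 || true
    fi
    # Show the IKE SAs for the peer so the operator can confirm the result.
    list_ike_sequence "$peer" | $VPN_TU_CMD
}

if [ $# -gt 0 ]; then
    main "$@"
fi
```

Run it on the gateway itself (for example ./reset_vpn_peer.sh 123.123.123.123 10.1.1.10); on a cluster, run it on the member that currently owns the tunnel.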

