Thursday, March 5, 2015

Check Point Gaia: How To Bounce A VPN Tunnel

There have been a few times when I have had to go into Check Point and bounce a VPN.  I personally never remember how to do this, but since I had to do it recently, I thought I would post how to do this.  This customer was running the Gaia OS, R77.10.
Below is what I did in the CLI to bounce the VPN with a peer of 95.95.95.95.  You will see that I find the VPN peer, "delete" the VPN SA (which means drop the VPN), and get it brought back up again.

CheckPoint> vpn tu

**********     Select Option     **********

(1)             List all IKE SAs
(2)             List all IPsec SAs
(3)             List all IKE SAs for a given peer (GW) or user (Client)
(4)             List all IPsec SAs for a given peer (GW) or user (Client)
(5)             Delete all IPsec SAs for a given peer (GW)
(6)             Delete all IPsec SAs for a given User (Client)
(7)             Delete all IPsec+IKE SAs for a given peer (GW)
(8)             Delete all IPsec+IKE SAs for a given User (Client)
(9)             Delete all IPsec SAs for ALL peers and users
(0)             Delete all IPsec+IKE SAs for ALL peers and users

(Q)             Quit

*******************************************

1

Peer  192.168.2.2, user md5 f1d8da7f8f1e75f1:

        1. IKE SA <e5687f84f16b9c07,8ab4d63e7558eff4>:

Peer  192.168.3.3, user md5 6adca7ae69e47b02:

        1. IKE SA <38647c043135de92,c3779a840740326c>:

Peer  64.64.64.64 SAs:

        1. IKE SA <0c0f28cd3758876b,7ed08e082cd1c081>:

Peer  95.95.95.95 SAs:

        1. IKE SA <6f4546e1f9819014,c41aa3f2c76cb39c>:



Hit <Enter> key to continue ...

**********     Select Option     **********

(1)             List all IKE SAs
(2)             List all IPsec SAs
(3)             List all IKE SAs for a given peer (GW) or user (Client)
(4)             List all IPsec SAs for a given peer (GW) or user (Client)
(5)             Delete all IPsec SAs for a given peer (GW)
(6)             Delete all IPsec SAs for a given User (Client)
(7)             Delete all IPsec+IKE SAs for a given peer (GW)
(8)             Delete all IPsec+IKE SAs for a given User (Client)
(9)             Delete all IPsec SAs for ALL peers and users
(0)             Delete all IPsec+IKE SAs for ALL peers and users

(Q)             Quit

*******************************************

5

        Enter IP of peer (format: xxx.xxx.xxx.xxx): 95.95.95.95

Hit <Enter> key to continue ...

**********     Select Option     **********

(1)             List all IKE SAs
(2)             List all IPsec SAs
(3)             List all IKE SAs for a given peer (GW) or user (Client)
(4)             List all IPsec SAs for a given peer (GW) or user (Client)
(5)             Delete all IPsec SAs for a given peer (GW)
(6)             Delete all IPsec SAs for a given User (Client)
(7)             Delete all IPsec+IKE SAs for a given peer (GW)
(8)             Delete all IPsec+IKE SAs for a given User (Client)
(9)             Delete all IPsec SAs for ALL peers and users
(0)             Delete all IPsec+IKE SAs for ALL peers and users

(Q)             Quit

*******************************************

1

Peer  192.168.2.2, user md5 f1d8da7f8f1e75f1:

        1. IKE SA <e5687f84f16b9c07,8ab4d63e7558eff4>:

Peer  192.168.3.3, user md5 6adca7ae69e47b02:

        1. IKE SA <38647c043135de92,c3779a840740326c>:

Peer  64.64.64.64 SAs:

        1. IKE SA <0c0f28cd3758876b,7ed08e082cd1c081>:



Hit <Enter> key to continue ...

CheckPoint> vpn tu

**********     Select Option     **********

(1)             List all IKE SAs
(2)             List all IPsec SAs
(3)             List all IKE SAs for a given peer (GW) or user (Client)
(4)             List all IPsec SAs for a given peer (GW) or user (Client)
(5)             Delete all IPsec SAs for a given peer (GW)
(6)             Delete all IPsec SAs for a given User (Client)
(7)             Delete all IPsec+IKE SAs for a given peer (GW)
(8)             Delete all IPsec+IKE SAs for a given User (Client)
(9)             Delete all IPsec SAs for ALL peers and users
(0)             Delete all IPsec+IKE SAs for ALL peers and users

(Q)             Quit

*******************************************

1

Peer  192.168.2.2, user md5 f1d8da7f8f1e75f1:

        1. IKE SA <e5687f84f16b9c07,8ab4d63e7558eff4>:

Peer  192.168.3.3, user md5 6adca7ae69e47b02:

        1. IKE SA <38647c043135de92,c3779a840740326c>:

Peer  64.64.64.64 SAs:

        1. IKE SA <0c0f28cd3758876b,7ed08e082cd1c081>:

Peer  95.95.95.95 SAs:

        1. IKE SA <0b4ae79cc8418e4d,240a90bf209d613f>:



Hit <Enter> key to continue ...
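
An added example, not part of the original post: a small Python parser for the option (1) listing that compares the IKE SA cookies before and after the delete, to confirm that the peer came back with a new SA and that no other peer was touched. The sample listings are constructed from the values in the session above, and the function names are this example's own.

```python
import re

# Constructed sample input: option (1) listings rebuilt from the session
# above (before the delete, right after it, and after the tunnel came back).
OTHERS = """\
Peer  192.168.2.2, user md5 f1d8da7f8f1e75f1:
        1. IKE SA <e5687f84f16b9c07,8ab4d63e7558eff4>:
Peer  64.64.64.64 SAs:
        1. IKE SA <0c0f28cd3758876b,7ed08e082cd1c081>:
"""
TARGET = "Peer  95.95.95.95 SAs:\n        1. IKE SA <%s>:\n"
BEFORE = OTHERS + TARGET % "6f4546e1f9819014,c41aa3f2c76cb39c"
DURING = OTHERS
AFTER = OTHERS + TARGET % "0b4ae79cc8418e4d,240a90bf209d613f"

PEER_RE = re.compile(r"^Peer\s+(\d{1,3}(?:\.\d{1,3}){3})\b")
SA_RE = re.compile(r"^\s*\d+\.\s+IKE SA <([0-9a-f]+),([0-9a-f]+)>")

def parse_ike_sas(text):
    """Map each peer IP to the set of IKE SA cookie pairs listed under it."""
    sas, peer = {}, None
    for line in text.splitlines():
        m = PEER_RE.match(line)
        if m:
            peer = m.group(1)
            sas.setdefault(peer, set())
            continue
        m = SA_RE.match(line)
        if m and peer is not None:
            sas[peer].add((m.group(1), m.group(2)))
    return sas

def bounce_status(before, after, peer):
    """Classify what happened to one peer between two listings."""
    old = parse_ike_sas(before).get(peer, set())
    new = parse_ike_sas(after).get(peer, set())
    if not new:
        return "down"          # no IKE SA listed for the peer any more
    if old & new:
        return "unchanged"     # same cookies: the SA was never dropped
    return "renegotiated"      # fresh cookies: the peer has a new IKE SA

def changed_peers(before, after):
    """Peers whose IKE SA set differs between the two listings."""
    b, a = parse_ike_sas(before), parse_ike_sas(after)
    return sorted(p for p in set(b) | set(a) if b.get(p) != a.get(p))

if __name__ == "__main__":
    print(bounce_status(BEFORE, AFTER, "95.95.95.95"), changed_peers(BEFORE, AFTER))
```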
