There have been a few times when I have had to go into Check Point and bounce a VPN. I personally never remember how to do this, but since I had to do it recently, I thought I would post how to do this. This customer was running the Gaia OS, R77.10.
See highlighted what I did in CLI to bounce the VPN with a peer of 95.95.95.95. You will see that I find the VPN peer, "delete" the VPN sa (which means drop the VPN), and get it brought back up again.
CheckPoint> vpn tu
********** Select Option **********
(1) List all IKE SAs
(2) List all IPsec SAs
(3) List all IKE SAs for a given peer (GW) or user (Client)
(4) List all IPsec SAs for a given peer (GW) or user (Client)
(5) Delete all IPsec SAs for a given peer (GW)
(6) Delete all IPsec SAs for a given User (Client)
(7) Delete all IPsec+IKE SAs for a given peer (GW)
(8) Delete all IPsec+IKE SAs for a given User (Client)
(9) Delete all IPsec SAs for ALL peers and users
(0) Delete all IPsec+IKE SAs for ALL peers and users
(Q) Quit
*******************************************
1
Peer 192.168.2.2, user md5 f1d8da7f8f1e75f1:
1. IKE SA <e5687f84f16b9c07,8ab4d63e7558eff4>:
Peer 192.168.3.3, user md5 6adca7ae69e47b02:
1. IKE SA <38647c043135de92,c3779a840740326c>:
Peer 64.64.64.64 SAs:
1. IKE SA <0c0f28cd3758876b,7ed08e082cd1c081>:
Peer 95.95.95.95 SAs:
1. IKE SA <6f4546e1f9819014,c41aa3f2c76cb39c>:
Hit <Enter> key to continue ...
********** Select Option **********
(1) List all IKE SAs
(2) List all IPsec SAs
(3) List all IKE SAs for a given peer (GW) or user (Client)
(4) List all IPsec SAs for a given peer (GW) or user (Client)
(5) Delete all IPsec SAs for a given peer (GW)
(6) Delete all IPsec SAs for a given User (Client)
(7) Delete all IPsec+IKE SAs for a given peer (GW)
(8) Delete all IPsec+IKE SAs for a given User (Client)
(9) Delete all IPsec SAs for ALL peers and users
(0) Delete all IPsec+IKE SAs for ALL peers and users
(Q) Quit
*******************************************
5
Enter IP of peer (format: xxx.xxx.xxx.xxx): 95.95.95.95
Hit <Enter> key to continue ...
********** Select Option **********
(1) List all IKE SAs
(2) List all IPsec SAs
(3) List all IKE SAs for a given peer (GW) or user (Client)
(4) List all IPsec SAs for a given peer (GW) or user (Client)
(5) Delete all IPsec SAs for a given peer (GW)
(6) Delete all IPsec SAs for a given User (Client)
(7) Delete all IPsec+IKE SAs for a given peer (GW)
(8) Delete all IPsec+IKE SAs for a given User (Client)
(9) Delete all IPsec SAs for ALL peers and users
(0) Delete all IPsec+IKE SAs for ALL peers and users
(Q) Quit
*******************************************
1
Peer 192.168.2.2, user md5 f1d8da7f8f1e75f1:
1. IKE SA <e5687f84f16b9c07,8ab4d63e7558eff4>:
Peer 192.168.3.3, user md5 6adca7ae69e47b02:
1. IKE SA <38647c043135de92,c3779a840740326c>:
Peer 64.64.64.64 SAs:
1. IKE SA <0c0f28cd3758876b,7ed08e082cd1c081>:
Hit <Enter> key to continue ...
CheckPoint> vpn tu
********** Select Option **********
(1) List all IKE SAs
(2) List all IPsec SAs
(3) List all IKE SAs for a given peer (GW) or user (Client)
(4) List all IPsec SAs for a given peer (GW) or user (Client)
(5) Delete all IPsec SAs for a given peer (GW)
(6) Delete all IPsec SAs for a given User (Client)
(7) Delete all IPsec+IKE SAs for a given peer (GW)
(8) Delete all IPsec+IKE SAs for a given User (Client)
(9) Delete all IPsec SAs for ALL peers and users
(0) Delete all IPsec+IKE SAs for ALL peers and users
(Q) Quit
*******************************************
1
Peer 192.168.2.2, user md5 f1d8da7f8f1e75f1:
1. IKE SA <e5687f84f16b9c07,8ab4d63e7558eff4>:
Peer 192.168.3.3, user md5 6adca7ae69e47b02:
1. IKE SA <38647c043135de92,c3779a840740326c>:
Peer 64.64.64.64 SAs:
1. IKE SA <0c0f28cd3758876b,7ed08e082cd1c081>:
Peer 95.95.95.95 SAs:
1. IKE SA <0b4ae79cc8418e4d,240a90bf209d613f>:
Hit <Enter> key to continue ...
I have use option 7 to delete IPsec and IKE SA but the tunnel did not came up.
ReplyDelete