If
using Endpoint Security VPN
- What Endpoint Security VPN client version are you using?
- What are the client OS's and versions?
- What is the public IP of the gateway?
- What is the client's public IP and office mode IP? (IPChicken.com will give you your public IP and ipconfig will give you the office mode IP on the checkpoint interface).
- What is the clients username?
To troubleshoot this issue please Enable client logging on a client machine that is having issues.
- Right click the Yellow/Green Lock icon from your quick launch menu
- Select VPN Options, a new window appears
- Click on the "Advanced" tab
- Click "Enable Logging"
- Keep the dialog box open
Also, we will need to collect some debugs from the gateway. From expert mode on the gateway involved.
#vpn debug trunc
#vpn debug on TDERROR_ALL_ALL=5
-wait for issue to replicate
#vpn debug trunc off
#vpn debug on TDERROR_ALL_ALL=0
-provide the following for analysis: (Use a program like winSCP. You may need to change the shell (chsh -s /bin/bash) echo $FWDIR (for file path to $FWDIR/log/))
$FWDIR/log/ike.elg*
$FWDIR/log/vpnd.elg*
-on the client click on collect logs. Once the files are displayed, back up one directory, this is the cab file we will need.
-uncheck Enable Logging
If using SNX with mobile access
What
is the client's public IP and office mode IP? (IPChicken.com will give
you your public IP and ipconfig will give you the office mode IP on the
checkpoint interface).
What is the clients username?
Follow the procedure in sk103572
for client side debugs.
Additionally run the gateway debugs
#cvpnd_admin debug set TDERROR_ALL_ALL=5
#vpn debug trunc
#vpn debug on TDERROR_ALL_ALL=5
to stop:
#cvpnd_admin debug off
#vpn debug trunc off
#vpn debug on TDERROR_ALL_ALL=0
-in addition to the client logs provide the following for analysis:
$CVPNDIR/log/cvpnd.elg*
$FWDIR/log/ike.elg*
$FWDIR/log/vpnd.elg*