pfSense to Check Point Site-to-site IPSec Issues



  • Hello,

    Hoping someone can help shed some light on this issue I am experiencing, it is definitely a configuration issue which after some investigation on the Check Point side of things leads me to believe it lies on the pfSense config.

    I have the pfSense as the head end firewall in a hub and spoke design, the phase 1 and phase 2 settings match identically on both the pfSense and all remote Check Point devices. The tunnels establish without issue, but there are intermittent drops in the connection. About 20 packets are lost before it is reestablished. This is occurring randomly throughout the day for a number of different locations. Error messages which I see on the pfSense are included below.

    (Real IPs replaced with <ip addr>)

    2[IKE] <con16000|14434> QUICK_MODE request with message ID 352033489 processing failed
    12[NET] <con16000|14434> sending packet: from <local-ip-addr>[500] to <remote-peer-ip-addr>[500] (76 bytes)
    12[ENC] <con16000|14434> generating INFORMATIONAL_V1 request 3233822547 [ HASH N(INVAL_HASH) ]
    12[IKE] <con16000|14434> integrity check failed
    12[ENC] <con16000|14434> received HASH payload does not match
    12[ENC] <con16000|14434> parsed QUICK_MODE request 352033489 [ HASH SA No ID ID ]
    12[NET] <con16000|14434> received packet: from <remote-peer-ip-addr>[500] to <local-ip-addr>[500] (172 bytes)

    Any help is greatly appreciated. My knowledge of pfSense is very minimal; I have adopted the network from a previous admin and am trying to resolve the performance issues.

    Thanks!

    D
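Added example, not code from the original post: a small Python triage script that parses charon (strongSwan) lines in the newest-first order the pfSense log viewer shows them, puts them in chronological order, and reports each failed Quick Mode exchange per IKE SA together with whether a HASH mismatch / integrity failure preceded it, so drop events like the one above can be counted per spoke. The embedded log is a constructed sample reusing the post's placeholder addresses.

```python
import re
from collections import defaultdict

# Shape of a charon (strongSwan) line as pfSense shows it: "<thread>[SUBSYS] <conn|ike-sa-id> message"
LINE_RE = re.compile(r"^\s*\d+\[(?P<subsys>[A-Z]+)\]\s+<(?P<conn>[^|>]+)\|(?P<sa>\d+)>\s+(?P<msg>.*)$")
QM_FAIL_RE = re.compile(r"QUICK_MODE request with message ID (?P<mid>\d+) processing failed")

# Constructed sample, newest line first as the pfSense log viewer displays it; addresses are placeholders.
SAMPLE_LOG = """\
12[IKE] <con16000|14434> QUICK_MODE request with message ID 352033489 processing failed
12[NET] <con16000|14434> sending packet: from <local-ip-addr>[500] to <remote-peer-ip-addr>[500] (76 bytes)
12[ENC] <con16000|14434> generating INFORMATIONAL_V1 request 3233822547 [ HASH N(INVAL_HASH) ]
12[IKE] <con16000|14434> integrity check failed
12[ENC] <con16000|14434> received HASH payload does not match
12[ENC] <con16000|14434> parsed QUICK_MODE request 352033489 [ HASH SA No ID ID ]
12[NET] <con16000|14434> received packet: from <remote-peer-ip-addr>[500] to <local-ip-addr>[500] (172 bytes)
07[IKE] <con17000|201> CHILD_SA con17000{9} established with SPIs c0a80001_i c0a80002_o
07[ENC] <con17000|201> parsed QUICK_MODE request 118822 [ HASH SA No ID ID ]
"""

def parse(text, newest_first=True):
    """Yield (conn, sa, subsys, msg) tuples in chronological order."""
    lines = text.splitlines()
    if newest_first:
        lines = reversed(lines)
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            yield m["conn"], m["sa"], m["subsys"], m["msg"]

def quick_mode_failures(text, newest_first=True):
    """Map 'conn|sa' -> [(message id, cause)] for every failed Quick Mode exchange; cause is
    'hash_mismatch' when a HASH mismatch / integrity failure preceded it on that SA, else 'other'."""
    pending = defaultdict(bool)  # SA key -> saw a HASH mismatch since the last recorded failure
    out = defaultdict(list)
    for conn, sa, _subsys, msg in parse(text, newest_first):
        key = f"{conn}|{sa}"
        if "received HASH payload does not match" in msg or "integrity check failed" in msg:
            pending[key] = True
        m = QM_FAIL_RE.search(msg)
        if m:
            out[key].append((int(m["mid"]), "hash_mismatch" if pending[key] else "other"))
            pending[key] = False
    return dict(out)

if __name__ == "__main__":
    for key, fails in quick_mode_failures(SAMPLE_LOG).items():
        print(key, fails)
```

Run it over an exported IPsec log (Status > System Logs > IPsec) to see which spokes accumulate hash-mismatch rekey failures; SAs that never appear in the output completed their Quick Mode exchanges cleanly.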