https://community.checkpoint.com/t5/Cloud-Firewall/VPN-Issues-Check-Point-Cloudguard-x-AWS-VPN-Gateway/m-p/277433#M6231 <P>Hello everyone,</P><P>I'm facing a problem I've seen occur in other scenarios. I configured a VPN between a Check Point (Cloudguard) with one peer and a VPN gateway (AWS) with two peers configured in the same community.</P><P>My Check Point gateway is version R81.20 JHF 120.</P><P>The configuration mode chosen for the VPN was based on routes with an unnumbered interface. I created the VTIs with the same names as the interoperable objects, routes with correct destinations, encryption, rules, everything is correct, but only one of the tunnels stays UP. The secondary tunnel doesn't even initiate communication with the remote peer. I don't see any attempts by the firewall to establish communication on port 500 or 4500 via tcpdump or firewall monitor. I also don't see any drops via firewall control zdebug, and VPN debug doesn't show any information about the secondary peer either. The smart console doesn't display any logs either.</P><P>Have you experienced something similar and could share or suggest something to understand what might be happening?</P><P>In an attempt to solve the problem:</P><P>1 - I changed the ikev1 version to ikev2<BR />2 - I created another community only with the problematic peer and it remained the same, with no traffic.</P> Tue, 26 May 2026 13:47:33 GMT jslimma_soloiro 2026-05-26T13:47:33Z https://community.checkpoint.com/t5/Cloud-Firewall/VPN-Issues-Check-Point-Cloudguard-x-AWS-VPN-Gateway/m-p/277433#M6231 <P>Hello everyone,</P><P>I'm facing a problem I've seen occur in other scenarios. I configured a VPN between a Check Point (Cloudguard) with one peer and a VPN gateway (AWS) with two peers configured in the same community.</P><P>My Check Point gateway is version R81.20 JHF 120.</P><P>The configuration mode chosen for the VPN was based on routes with an unnumbered interface. I created the VTIs with the same names as the interoperable objects, routes with correct destinations, encryption, rules, everything is correct, but only one of the tunnels stays UP. The secondary tunnel doesn't even initiate communication with the remote peer. I don't see any attempts by the firewall to establish communication on port 500 or 4500 via tcpdump or firewall monitor. I also don't see any drops via firewall control zdebug, and VPN debug doesn't show any information about the secondary peer either. The smart console doesn't display any logs either.</P><P>Have you experienced something similar and could share or suggest something to understand what might be happening?</P><P>In an attempt to solve the problem:</P><P>1 - I changed the ikev1 version to ikev2<BR />2 - I created another community only with the problematic peer and it remained the same, with no traffic.</P> Tue, 26 May 2026 13:47:33 GMT https://community.checkpoint.com/t5/Cloud-Firewall/VPN-Issues-Check-Point-Cloudguard-x-AWS-VPN-Gateway/m-p/277433#M6231 jslimma_soloiro 2026-05-26T13:47:33Z https://community.checkpoint.com/t5/Cloud-Firewall/VPN-Issues-Check-Point-Cloudguard-x-AWS-VPN-Gateway/m-p/277452#M6232 <P>Is there a specific reason you're using an unnumbered VTI?<BR />We have specific instructions that mention using numbered VTI:&nbsp;<A href="https://support.checkpoint.com/results/sk/sk108958" target="_blank">https://support.checkpoint.com/results/sk/sk108958</A>&nbsp;</P> Tue, 26 May 2026 15:20:57 GMT https://community.checkpoint.com/t5/Cloud-Firewall/VPN-Issues-Check-Point-Cloudguard-x-AWS-VPN-Gateway/m-p/277452#M6232 PhoneBoy 2026-05-26T15:20:57Z