https://community.checkpoint.com/t5/Firewall-and-Security-Management/Site-to-Site-VPN-Issue/m-p/81221#M11342 <P>Dear Respected Members,</P><P>I am new to Checkpoint Technology and needs some help in creating a S2S VPN.&nbsp; I am trying to create a S2S VPN between one R80.20 Cluster and one Standalone gateway running on R80.30, currently managed by one Mgmt Server running on R80.30.&nbsp; </P><P>The traffic is getting rejected between two gateways, I have checked my Rule base,VPN community and everything looks fine, however I am unable to determine whats going on? It seems both gateways are unable to talk to eachother as they both are used in the same meshed VPN community. I have noticed one more thing as soon I remove the VPN community from VPN traffic rule base then my both gateways are able to ping each other, I am not sure why traffic gets rejected when I put both Gateway within same VPN community?</P><P>I have run debugs as well and it only tells me Main mode failure.</P><P>Please assist me on this if possible. Thanks</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="S2S VPN Issue.PNG" style="width: 400px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/5450i13F57668B6E6D51F/image-size/medium?v=v2&amp;px=400" role="button" title="S2S VPN Issue.PNG" alt="S2S VPN Issue.PNG" /></span></P><P> </P><P>&nbsp;</P> Thu, 09 Apr 2020 21:26:13 GMT Rano 2020-04-09T21:26:13Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Site-to-Site-VPN-Issue/m-p/81221#M11342 <P>Dear Respected Members,</P><P>I am new to Checkpoint Technology and needs some help in creating a S2S VPN.&nbsp; I am trying to create a S2S VPN between one R80.20 Cluster and one Standalone gateway running on R80.30, currently managed by one Mgmt Server running on R80.30.&nbsp; </P><P>The traffic is getting rejected between two gateways, I have checked my Rule base,VPN community and everything looks fine, however I am unable to determine whats going on? It seems both gateways are unable to talk to eachother as they both are used in the same meshed VPN community. I have noticed one more thing as soon I remove the VPN community from VPN traffic rule base then my both gateways are able to ping each other, I am not sure why traffic gets rejected when I put both Gateway within same VPN community?</P><P>I have run debugs as well and it only tells me Main mode failure.</P><P>Please assist me on this if possible. Thanks</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="S2S VPN Issue.PNG" style="width: 400px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/5450i13F57668B6E6D51F/image-size/medium?v=v2&amp;px=400" role="button" title="S2S VPN Issue.PNG" alt="S2S VPN Issue.PNG" /></span></P><P> </P><P>&nbsp;</P> Thu, 09 Apr 2020 21:26:13 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Site-to-Site-VPN-Issue/m-p/81221#M11342 Rano 2020-04-09T21:26:13Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Site-to-Site-VPN-Issue/m-p/81501#M11343 Start with: <A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk112054&amp;partition=Basic&amp;product=IPSec" target="_blank">https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk112054&amp;partition=Basic&amp;product=IPSec</A> Fri, 10 Apr 2020 04:10:33 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Site-to-Site-VPN-Issue/m-p/81501#M11343 PhoneBoy 2020-04-10T04:10:33Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Site-to-Site-VPN-Issue/m-p/82854#M11344 <P>Hello Phoneboy,</P><P>Thank you very much for your reply.</P><P>I have gone through the SK article you mentioned and made necessary changes, however the tunnel is still not coming up, as soon the traffic enters in to the community its giving me IKE failure error. </P><P>I am just loosing hope on this. It will be great if somebody can advise me. Tx</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="pic.PNG" style="width: 400px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/5738iD61D9CAD0F7E769F/image-size/medium?v=v2&amp;px=400" role="button" title="pic.PNG" alt="pic.PNG" /></span></P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="02.PNG" style="width: 400px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/5739i6135ADA38B55BF46/image-size/medium?v=v2&amp;px=400" role="button" title="02.PNG" alt="02.PNG" /></span></P><P> </P> Thu, 23 Apr 2020 00:29:26 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Site-to-Site-VPN-Issue/m-p/82854#M11344 Rano 2020-04-23T00:29:26Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Site-to-Site-VPN-Issue/m-p/82881#M11345 Have you set a pre-shared key on both sides?<BR />You created the same VPN community on both management servers with th exact same settings?<BR />Also make sure the VPN topologies are defined the same on both management servers. Thu, 23 Apr 2020 07:33:40 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Site-to-Site-VPN-Issue/m-p/82881#M11345 Maarten_Sjouw 2020-04-23T07:33:40Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Site-to-Site-VPN-Issue/m-p/83004#M11346 <P>Hello Maarten,</P><P>Thanks for your reply.</P><P>Both gateways are managed by One Management server so I have created one meshed VPN community and used it on both policies on the gateway.</P><P>It should be simple config, however its still not working.</P> Thu, 23 Apr 2020 21:57:26 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Site-to-Site-VPN-Issue/m-p/83004#M11346 Rano 2020-04-23T21:57:26Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Site-to-Site-VPN-Issue/m-p/83005#M11347 You'll need to debug to see what the issue is.<BR /><A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk63560" target="_blank">https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk63560</A> Thu, 23 Apr 2020 22:03:35 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Site-to-Site-VPN-Issue/m-p/83005#M11347 PhoneBoy 2020-04-23T22:03:35Z