https://community.checkpoint.com/t5/Firewall-and-Security-Management/CheckPoint-VPN-R77-30-R80-20-vs-Cisco-ASA-5516/m-p/49647#M12955 <P>In the properties of the VPN Community object under VPN Tunnel Sharing, select the option "one tunnel per pair of hosts" and reinstall policy.</P> Wed, 03 Apr 2019 01:58:32 GMT Timothy_Hall 2019-04-03T01:58:32Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/CheckPoint-VPN-R77-30-R80-20-vs-Cisco-ASA-5516/m-p/49604#M12953 <P>Hi,</P><P>it's my first post in about 25 years installing CP (first one was an 4.1 on NT 4.0 Server).</P><P>I configured as usual my VPN and other site is very collaborative.</P><P>IKE Phase 1 is OK!</P><P>IPSEC Phase 2 starts it appears in VPN TU -&gt; 2 menu ... but no INBOUND/OUTBOUND created.</P><P>I tried to follow almost any SK, now I also configured user.def.FW1 (I,m testing both on old R77.30 appliance and new R80.20 openserver vmware).</P><P>My problem I supposed is to export only one HOST 192.168.220.1/32 (yes, 255.255.255.255) to reach another single host 10.103.201.95/32 ... I already asked other side to create Network Object on Cisco and not Host Object, but no way.</P><P>I really don't know how to fix this problem,<BR />if somebody had same issue and wants to share solution,</P><P>Although tomorrow morning I'll open a ticket to Support and I try to fix with them.</P><P>I prefer to study solution and to debug, instead of directly ask for support, but this time it seems to be grater than me.</P><P>Thanks,</P><P>Francesco.</P><P>&nbsp;</P> Tue, 02 Apr 2019 17:01:51 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/CheckPoint-VPN-R77-30-R80-20-vs-Cisco-ASA-5516/m-p/49604#M12953 Francesco_Bonat 2019-04-02T17:01:51Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/CheckPoint-VPN-R77-30-R80-20-vs-Cisco-ASA-5516/m-p/49645#M12954 <P>What is the full path to the user.def.FW1 you are modifying?&nbsp;Since you're using R80.20 to manage R77.30, you need to modify the one in the R77.x Backward Compatibility directory.</P> <P>This thread may also be helpful in debugging:&nbsp;<A href="https://community.checkpoint.com/t5/Access-Control-Products/VPN-Troubleshooting-Commands/m-p/39636#M92" target="_blank">https<span class="lia-unicode-emoji" title=":confused_face:">😕</span>/community.checkpoint.com/t5/Access-Control-Products/VPN-Troubleshooting-Commands/m-p/39636#M92</A></P> Wed, 03 Apr 2019 01:51:28 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/CheckPoint-VPN-R77-30-R80-20-vs-Cisco-ASA-5516/m-p/49645#M12954 PhoneBoy 2019-04-03T01:51:28Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/CheckPoint-VPN-R77-30-R80-20-vs-Cisco-ASA-5516/m-p/49647#M12955 <P>In the properties of the VPN Community object under VPN Tunnel Sharing, select the option "one tunnel per pair of hosts" and reinstall policy.</P> Wed, 03 Apr 2019 01:58:32 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/CheckPoint-VPN-R77-30-R80-20-vs-Cisco-ASA-5516/m-p/49647#M12955 Timothy_Hall 2019-04-03T01:58:32Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/CheckPoint-VPN-R77-30-R80-20-vs-Cisco-ASA-5516/m-p/51017#M12956 <P>Hi,</P><P>thanks for your answer,</P><P>I'm using two different gateways one full stand-alone R77.30 and another full stand-alone R80.20,</P><P>both have same problem. I'm testing solution proposed by another user to change one tunnel per host pair.</P><P>I'm modifying correct .user.def files, I followed info found on SK.</P> Tue, 16 Apr 2019 06:13:27 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/CheckPoint-VPN-R77-30-R80-20-vs-Cisco-ASA-5516/m-p/51017#M12956 Francesco_Bonat 2019-04-16T06:13:27Z