https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-with-3rd-party-Scenario-3-Implicit-inclusion-of-external/m-p/121083#M17214 <P>Recommend a TAC case here.</P> Mon, 14 Jun 2021 03:31:50 GMT PhoneBoy 2021-06-14T03:31:50Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-with-3rd-party-Scenario-3-Implicit-inclusion-of-external/m-p/120937#M17186 <P>Have applied the mentioned solution on an R80.40 manager with R80.40 gws (take 91)</P><P>&nbsp;</P><P>Unfortunately i still see the external addresses trying to be negotiated by the checkpoint</P><P>My $FWDIR/lib/crypt.def looks like in the attached screenshot, dst ip addresses are remote peers.</P><P>&nbsp;</P><P>Policy pushes fine but the TSi, TSr still wrong. Yes, IKEv2 btw.</P><P>&nbsp;</P><P>&nbsp;</P><P>Any ideas?<BR /><BR /><BR />Cheers</P><P>&nbsp;</P><DIV class="mceNonEditable lia-copypaste-placeholder">&nbsp;</DIV><DIV class="mceNonEditable lia-copypaste-placeholder">&nbsp;</DIV><P>&nbsp;</P> Fri, 11 Jun 2021 10:50:22 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-with-3rd-party-Scenario-3-Implicit-inclusion-of-external/m-p/120937#M17186 Juan_ 2021-06-11T10:50:22Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-with-3rd-party-Scenario-3-Implicit-inclusion-of-external/m-p/121083#M17214 <P>Recommend a TAC case here.</P> Mon, 14 Jun 2021 03:31:50 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-with-3rd-party-Scenario-3-Implicit-inclusion-of-external/m-p/121083#M17214 PhoneBoy 2021-06-14T03:31:50Z