https://community.checkpoint.com/t5/Firewall-and-Security-Management/Unable-to-connect-to-remote-server-through-site-to-site-vpn/m-p/222988#M42755 <P>Thank you for your response. I did run the capture on destination firewall. I can see the SYN packet coming from the remote site. However, I do not see that packet being sent to the actual server. In the logs, I do not see a drop either. That is what is puzzling. I checked connection from the firewall to backend server using telnet &lt;IP&gt; &lt;port&gt; and that works fine.<BR />In the interest of time, I am checking if I can get the route-based VPN (DMVPN) working. Will post here once I test.</P> Thu, 08 Aug 2024 00:15:33 GMT gouri-menon 2024-08-08T00:15:33Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Unable-to-connect-to-remote-server-through-site-to-site-vpn/m-p/222792#M42711 <P>Hi team. I am trying to setup a site-to-site VPN across 2 tenants in Azure. The product I am using in both location is "CloudGuard Network Security Firewall &amp; Threat Prevention" from Azure marketplace. I did setup the VPN in mesh topology with local &amp; remote "interoperable" device along with the shared key. I am doing this to simulate not having access to the remote checkpoint. I then setup the policy rule &amp; NAT rule to flow over the VPN community.</P><P>I then tried connecting from a windows server on side to a NGINX server on the other side of the tunnel&nbsp;</P><P>&nbsp; -&nbsp; 172.16.102.213 (WIN) ==&gt; GW01 ==&gt; VPN Tunnel ==&gt; GW02 ==&gt; 10.0.0.100 (NGINX)</P><DIV class="">&nbsp;</DIV><DIV class="">In the logs (using smartview) I can see the session which uses VPN blade + encrypt on the source gateway &amp; VPN blade + decrypt on the destination gateway along with the service (http or https). I have even tried the other way for port 3389 &amp; here too I can see it go through the tunnel &amp; arrive at the remote site. In both cases however, the packet is not flowing from the gateway to the destination machine.&nbsp;</DIV><DIV class="">&nbsp;</DIV><DIV class=""># vpn tu</DIV><DIV class="">Option-1</DIV><DIV class=""><P>Peer xxx.xxx.xxx.xxx , gw-01 SAs:</P><P>IKE SA &lt;0aa90a313c5066a6,69958fa937977e7d&gt;</P></DIV><DIV class="">Option-2</DIV><DIV class=""><P>SAs of all instances:</P><P>Peer xxx.xxx.xxx.xxx , gw-01 SAs:</P><P>IKE SA &lt;0aa90a313c5066a6,69958fa937977e7d&gt;<BR />(No IPSec SAs)</P><P>Similarly, it shows the tunnel up on the other gateway.&nbsp;Am I missing a step or doing something wrong ? Any help would be greatly appreciated.</P><P>&nbsp;</P></DIV> Tue, 06 Aug 2024 01:15:38 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Unable-to-connect-to-remote-server-through-site-to-site-vpn/m-p/222792#M42711 gouri-menon 2024-08-06T01:15:38Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Unable-to-connect-to-remote-server-through-site-to-site-vpn/m-p/222975#M42748 <P>If you think the problem is not the vpn tunnel I would do ip r get IP and use that interface output to tcpdump to see what happens to the traffic. Could be routing or acl on system itself.&nbsp;</P> Wed, 07 Aug 2024 19:26:39 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Unable-to-connect-to-remote-server-through-site-to-site-vpn/m-p/222975#M42748 Lesley 2024-08-07T19:26:39Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Unable-to-connect-to-remote-server-through-site-to-site-vpn/m-p/222988#M42755 <P>Thank you for your response. I did run the capture on destination firewall. I can see the SYN packet coming from the remote site. However, I do not see that packet being sent to the actual server. In the logs, I do not see a drop either. That is what is puzzling. I checked connection from the firewall to backend server using telnet &lt;IP&gt; &lt;port&gt; and that works fine.<BR />In the interest of time, I am checking if I can get the route-based VPN (DMVPN) working. Will post here once I test.</P> Thu, 08 Aug 2024 00:15:33 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Unable-to-connect-to-remote-server-through-site-to-site-vpn/m-p/222988#M42755 gouri-menon 2024-08-08T00:15:33Z