https://community.checkpoint.com/t5/General-Topics/Site-to-Site-VPN-between-2-Checkpoint-Gateways-and-a-Checkpoint/m-p/60664#M12294 <P>Hello,</P><P>I am trying to connect two gateways, a 3200 (remote) and a 12400 local to the SMS (virtual) by a site to site VPN.&nbsp; Phase 1 IKE appears to succeed from the 12400 to the 3200.&nbsp;&nbsp;&nbsp; Phase 2 fails.&nbsp; The ike.elg file states INVALID-CERTIFICATE.&nbsp; We tried renewing the certificate, modifying the $FWDIR/conf/masters file on the remote gateway and adding a rule from the remote gateway to the SMS for FW1_ica_services.&nbsp; None of these have fixed the problem.&nbsp; Does anyone know what the problem is?</P><P>Thanks</P> Mon, 19 Aug 2019 22:19:57 GMT KWD 2019-08-19T22:19:57Z https://community.checkpoint.com/t5/General-Topics/Site-to-Site-VPN-between-2-Checkpoint-Gateways-and-a-Checkpoint/m-p/60664#M12294 <P>Hello,</P><P>I am trying to connect two gateways, a 3200 (remote) and a 12400 local to the SMS (virtual) by a site to site VPN.&nbsp; Phase 1 IKE appears to succeed from the 12400 to the 3200.&nbsp;&nbsp;&nbsp; Phase 2 fails.&nbsp; The ike.elg file states INVALID-CERTIFICATE.&nbsp; We tried renewing the certificate, modifying the $FWDIR/conf/masters file on the remote gateway and adding a rule from the remote gateway to the SMS for FW1_ica_services.&nbsp; None of these have fixed the problem.&nbsp; Does anyone know what the problem is?</P><P>Thanks</P> Mon, 19 Aug 2019 22:19:57 GMT https://community.checkpoint.com/t5/General-Topics/Site-to-Site-VPN-between-2-Checkpoint-Gateways-and-a-Checkpoint/m-p/60664#M12294 KWD 2019-08-19T22:19:57Z https://community.checkpoint.com/t5/General-Topics/Site-to-Site-VPN-between-2-Checkpoint-Gateways-and-a-Checkpoint/m-p/60671#M12297 Did you renew the certificates in both gateway objects under IPSec-VPN?<BR />Is your VPN Domain overlapping? Tue, 20 Aug 2019 05:13:42 GMT https://community.checkpoint.com/t5/General-Topics/Site-to-Site-VPN-between-2-Checkpoint-Gateways-and-a-Checkpoint/m-p/60671#M12297 Maarten_Sjouw 2019-08-20T05:13:42Z https://community.checkpoint.com/t5/General-Topics/Site-to-Site-VPN-between-2-Checkpoint-Gateways-and-a-Checkpoint/m-p/91117#M18204 <P>Faced the same issue and compile the following after solving:</P><P>Try to check if the peer gateway is able to reach the management server via telnet on 18264.</P><P>Also try to check on the Security Management Object IP(On Smartconsole) and see if that IP is reachable from the peer gateway or not. Try to resolve the connectivity issue from peer gateway to Management server object IP(don't forget NAT).</P> Fri, 10 Jul 2020 09:32:53 GMT https://community.checkpoint.com/t5/General-Topics/Site-to-Site-VPN-between-2-Checkpoint-Gateways-and-a-Checkpoint/m-p/91117#M18204 Elzy 2020-07-10T09:32:53Z