https://community.checkpoint.com/t5/General-Topics/Permanent-Tunnel-with-inter-operable-Device/m-p/16058#M2664 <HTML><HEAD></HEAD><BODY><P>Thanks for the info, Gunther.</P><P></P><P>The Problem here is the peer end ( AWS) uses a permanent tunnel with DPD which cannot be changed. Hence it is required to enable the same at CheckPoint end.</P><P></P><P>I have referred the mentioned SK and also the VPN admin guide but still, I feel that it is clearly not stated whether to enable both the Permanent tunnel option from the VPN community and DPD or just the DPD from Guidbedit.</P><P></P><P>I tested this in the lab between to Check Point device enabling both Permanent tunnel&nbsp;option and changing&nbsp;the tunnel testing to DPD.&nbsp;</P><P></P><P>Observation: In spite of disabling the default "tunnel testing" feature which works on port 18234 I can still see traffic exchanged with these ports as shown below.</P><P></P><P><IMG class="image-1 jive-image" src="https://community.checkpoint.com/legacyfs/online/checkpoint/76392_pastedImage_1.png" /></P></BODY></HTML> Fri, 14 Dec 2018 14:02:29 GMT amith_rao 2018-12-14T14:02:29Z https://community.checkpoint.com/t5/General-Topics/Permanent-Tunnel-with-inter-operable-Device/m-p/16056#M2662 <HTML><HEAD></HEAD><BODY><P>There is a requirement to Establish a Permanent Tunnel between CheckPoint and Interoperable device(AWS). To do so does the configuration only involve enabling DPD from Guidbedit or also&nbsp;it is required to enable the "permanent tunnel" option in the VPN community?</P><P></P><P>Thanks in Advance.&nbsp;&nbsp;</P></BODY></HTML> Fri, 14 Dec 2018 13:21:18 GMT https://community.checkpoint.com/t5/General-Topics/Permanent-Tunnel-with-inter-operable-Device/m-p/16056#M2662 amith_rao 2018-12-14T13:21:18Z https://community.checkpoint.com/t5/General-Topics/Permanent-Tunnel-with-inter-operable-Device/m-p/16057#M2663 <HTML><HEAD></HEAD><BODY><P>Here is very good explanation:&nbsp;<A class="" href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk108600&amp;partition=Advanced&amp;product=IPSec">sk108600: VPN Site-to-Site with 3rd party</A></P><P></P><P>An alternative would be to send packets from client at Site behind CP GW to another client behind peer GW in a regular intervall.</P></BODY></HTML> Fri, 14 Dec 2018 13:43:46 GMT https://community.checkpoint.com/t5/General-Topics/Permanent-Tunnel-with-inter-operable-Device/m-p/16057#M2663 G_W_Albrecht 2018-12-14T13:43:46Z https://community.checkpoint.com/t5/General-Topics/Permanent-Tunnel-with-inter-operable-Device/m-p/16058#M2664 <HTML><HEAD></HEAD><BODY><P>Thanks for the info, Gunther.</P><P></P><P>The Problem here is the peer end ( AWS) uses a permanent tunnel with DPD which cannot be changed. Hence it is required to enable the same at CheckPoint end.</P><P></P><P>I have referred the mentioned SK and also the VPN admin guide but still, I feel that it is clearly not stated whether to enable both the Permanent tunnel option from the VPN community and DPD or just the DPD from Guidbedit.</P><P></P><P>I tested this in the lab between to Check Point device enabling both Permanent tunnel&nbsp;option and changing&nbsp;the tunnel testing to DPD.&nbsp;</P><P></P><P>Observation: In spite of disabling the default "tunnel testing" feature which works on port 18234 I can still see traffic exchanged with these ports as shown below.</P><P></P><P><IMG class="image-1 jive-image" src="https://community.checkpoint.com/legacyfs/online/checkpoint/76392_pastedImage_1.png" /></P></BODY></HTML> Fri, 14 Dec 2018 14:02:29 GMT https://community.checkpoint.com/t5/General-Topics/Permanent-Tunnel-with-inter-operable-Device/m-p/16058#M2664 amith_rao 2018-12-14T14:02:29Z