https://community.checkpoint.com/t5/Spark-Firewall-SMB/S2S-with-PPPoE/m-p/157136#M7388 <P>I welcome colleagues.<BR />Please help with a solution. I am building a vpn tunnel with a remote gateway 1530, which is connected by the same management server.<BR />The WAN external interface works via PPPoE using the provider's login and password, receiving a dynamic address.<BR />In the settings of the smart console, I set up a dynamic address on the WAN interface, in the Link Selection I configure setting resolve by dns name, but the traffic does not enter the tunnel. I renew the vpn certificate by adding alternative names to it, the situation did not help.<BR />By setting a static address, I get the error: Main Mode local machine configured not to respond to unknown IP addresses (i.e. not exportable for SR, and/or not included in the RemoteAccess community, and/or no DAIP's defined).<BR />How should the tunnel be built in this case? What exactly to do in Link Selection?</P> Tue, 13 Sep 2022 11:48:31 GMT GA 2022-09-13T11:48:31Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/S2S-with-PPPoE/m-p/157136#M7388 <P>I welcome colleagues.<BR />Please help with a solution. I am building a vpn tunnel with a remote gateway 1530, which is connected by the same management server.<BR />The WAN external interface works via PPPoE using the provider's login and password, receiving a dynamic address.<BR />In the settings of the smart console, I set up a dynamic address on the WAN interface, in the Link Selection I configure setting resolve by dns name, but the traffic does not enter the tunnel. I renew the vpn certificate by adding alternative names to it, the situation did not help.<BR />By setting a static address, I get the error: Main Mode local machine configured not to respond to unknown IP addresses (i.e. not exportable for SR, and/or not included in the RemoteAccess community, and/or no DAIP's defined).<BR />How should the tunnel be built in this case? What exactly to do in Link Selection?</P> Tue, 13 Sep 2022 11:48:31 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/S2S-with-PPPoE/m-p/157136#M7388 GA 2022-09-13T11:48:31Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/S2S-with-PPPoE/m-p/157140#M7389 <P>Please provide more details - we know one peer is a 1530 (firmware version ?) with DAIP managed by a CP SMS (version / jumbo take ?), but you give no details of the peer !</P> <P>Please look into&nbsp;<A class="cp_link sc_ellipsis" href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk117713&amp;partition=Advanced&amp;product=Quantum" target="_blank" rel="noopener">sk117713: "Main Mode local machine configured not to respond to unknown IP addresses" error on locally managed <STRONG>SMB</STRONG> appliance</A>&nbsp;and&nbsp;<A class="cp_link sc_ellipsis" href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk167473&amp;partition=Advanced&amp;product=Quantum" target="_blank">sk167473: Dynamically Assigned IP Address (<STRONG>DAIP</STRONG>) Gateway FAQ</A></P> Tue, 13 Sep 2022 12:22:08 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/S2S-with-PPPoE/m-p/157140#M7389 G_W_Albrecht 2022-09-13T12:22:08Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/S2S-with-PPPoE/m-p/157142#M7390 <P>Hi Albrecht.<BR />Thanks for your reply.<BR />SMB version 80.20.35, I don't remember the exact build.<BR />Management server 81.10 latest take. I have seen these articles and none of them helped.<BR />I've tried using just the domain name, fqdn, as written there, but that doesn't help. Tunnel traffic is sent to the Internet.</P> Tue, 13 Sep 2022 12:25:28 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/S2S-with-PPPoE/m-p/157142#M7390 GA 2022-09-13T12:25:28Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/S2S-with-PPPoE/m-p/157143#M7391 <P><SPAN>80.20.35 is rather old, current version is R80.20.50.&nbsp;Still you do not mention the peer ! The SMB GW using DAIP has to start the VPN tunnel - sometimes, NAT-T has to be activated manually. see&nbsp;sk162472.</SPAN></P> Tue, 13 Sep 2022 12:32:03 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/S2S-with-PPPoE/m-p/157143#M7391 G_W_Albrecht 2022-09-13T12:32:03Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/S2S-with-PPPoE/m-p/157146#M7392 <P>Peer 81.10 last take.<BR />And where does traversal nat come in if both peers are connected directly to the provider?</P> Tue, 13 Sep 2022 12:39:19 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/S2S-with-PPPoE/m-p/157146#M7392 GA 2022-09-13T12:39:19Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/S2S-with-PPPoE/m-p/157153#M7393 <P>It does only come in if the VPN fails ! Better contact TAC to get this resolved quickly...</P> Tue, 13 Sep 2022 12:56:01 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/S2S-with-PPPoE/m-p/157153#M7393 G_W_Albrecht 2022-09-13T12:56:01Z