
IPsec S2S VPN between Check Point ( on premise ) and Huawei Cloud

Hi Experts!


We are encountering a problem setting up an IPsec Site-to-Site VPN between a Check Point cluster and Huawei Public Cloud. The tunnel is up, but the internal clients on both sides are not able to communicate with each other.
I found drop logs with a message description that said "Encryption Failure: according to the policy the packet should not have been decrypted"

2019-04-18_192534.jpg




Here are the VPN settings on Check Point and Huawei Cloud


Check Point IPsec VPN configuration
2019-04-18_190227.jpg

2019-04-18_190157.jpg


2019-04-18_185829.jpg

2019-04-18_190332.jpg

2019-04-18_190416.jpg

2019-04-18_190447.jpg

2019-04-18_190515.jpg



Huawei Cloud IPsec VPN configuration

2019-04-18_190711.jpg



Remark: the Transfer Protocol option does not exist on the Check Point side.



For the VPN rule, we have configured it as below.

2019-04-18_191644.jpg



Does anyone here have experience with this?



Really appreciate every comment.



Regards,

Sarm

 

0 Kudos
2 Replies
Admin

Re: IPsec S2S VPN between Check Point ( on premise ) and Huawei Cloud

The error message generally means one side or another is not configured correctly.
More specifically, the configuration is related to what network(s) and subnets are reachable behind the VPN peers.
This must match on both ends, otherwise you will see errors like this.
0 Kudos

Re: IPsec S2S VPN between Check Point ( on premise ) and Huawei Cloud

Hi Admin,

 

Thank you for your comment.

 

The tunnel is up now, but I've got a new problem: the host from HW Cloud cannot ping some of the subnets, in this case from 10.3.1.97 <> 10.10.2.3, for example. Look at the red arrow.

 

We tried the traceroute command and found the packet was stuck at Check Point, but I'm not sure which configuration steps I'm missing.

 

tvd-site-2-site-diagram.jpg

 

Please kindly advise.

 

Regards,

Sarm

0 Kudos
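The requirement in the admin reply above, that the networks defined behind each VPN peer must match on both ends, can be checked offline before touching either gateway. The following is an added example, not code from the thread or from Check Point or Huawei: the subnet lists are constructed assumptions, the function names are hypothetical, and only the host addresses 10.3.1.97 and 10.10.2.3 come from the thread.

```python
from ipaddress import ip_address, ip_network

# Constructed sample configuration: these subnet lists are assumptions, not the
# thread's real settings. Only the two host addresses below appear in the thread.
CLOUD = {"local": ["10.3.1.0/24"], "remote": ["10.10.1.0/24", "10.10.2.0/24"]}
ONPREM = {"local": ["10.10.1.0/24"], "remote": ["10.3.1.0/24"]}

def covers(subnets, host):
    """True if host lies inside any subnet in the list."""
    return any(ip_address(host) in ip_network(n) for n in subnets)

def in_tunnel(peer, src, dst, inbound):
    """Does this peer's own configuration place src->dst inside the tunnel?

    Outbound, src must be behind this peer and dst behind the other one;
    for a packet arriving from the other peer the roles are swapped.
    """
    src_side, dst_side = ("remote", "local") if inbound else ("local", "remote")
    return covers(peer[src_side], src) and covers(peer[dst_side], dst)

def check_flow(sender, receiver, src, dst):
    """Classify one flow by whether both peers agree it is tunnel traffic."""
    sends = in_tunnel(sender, src, dst, inbound=False)
    accepts = in_tunnel(receiver, src, dst, inbound=True)
    if sends and accepts:
        return "match"
    if sends:
        return "receiver-rejects"  # encrypted by sender, outside receiver's subnets
    if accepts:
        return "sender-skips"      # receiver expects ESP, sender sends it in clear
    return "not-vpn-traffic"

def domain_mismatches(a, b):
    """Subnets one peer lists that the other peer's mirror-image list lacks."""
    diff = set()
    for mine, theirs in (("local", "remote"), ("remote", "local")):
        diff |= {ip_network(n) for n in a[mine]} ^ {ip_network(n) for n in b[theirs]}
    return [str(n) for n in sorted(diff)]

if __name__ == "__main__":
    print(check_flow(CLOUD, ONPREM, "10.3.1.97", "10.10.2.3"))
    print(domain_mismatches(CLOUD, ONPREM))
```

Fill the two dictionaries from the subnets actually entered on each gateway; any entry returned by `domain_mismatches` is a subnet that only one side has defined.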