jslimma_soloiro
Participant

VPN Issues - Check Point Cloudguard x AWS VPN Gateway

Hello everyone,

I'm facing a problem I've seen occur in other scenarios. I configured a VPN between a Check Point (CloudGuard) gateway with one peer and an AWS VPN gateway with two peers, configured in the same community.

My Check Point gateway is version R81.20 JHF 120.

The configuration mode chosen for the VPN was route-based with an unnumbered interface. I created the VTIs with the same names as the interoperable objects, routes with the correct destinations, encryption, rules; everything is correct, but only one of the tunnels stays UP. The secondary tunnel doesn't even initiate communication with the remote peer. I don't see any attempts by the firewall to establish communication on port 500 or 4500 via tcpdump or fw monitor. I also don't see any drops via fw ctl zdebug, and VPN debug doesn't show any information about the secondary peer either. SmartConsole doesn't display any logs either.

Have you experienced something similar and could share or suggest something to understand what might be happening?

In an attempt to solve the problem:

1 - I changed the IKE version from IKEv1 to IKEv2.
2 - I created another community with only the problematic peer, and it remained the same, with no traffic.

PhoneBoy
Admin

Is there a specific reason you're using an unnumbered VTI?
We have specific instructions that mention using numbered VTIs: https://support.checkpoint.com/results/sk/sk108958
