Brianpiraty_Ale
Contributor

Cannot ping remote VPN gateway

The IPsec tunnel works fine, but I could not ping the remote VPN gateway. What could be the problem?

0 Kudos
4 Replies
Danny
Champion

The issue could be

  • the remote VPN gateway requires a rule that permits echo requests (ping) from your VPN gateway
  • your VPN gateway requires a rule that permits echo requests (ping) to the remote VPN gateway
  • the external IP addresses of both VPN gateways are only part of the VPN encryption domain of one VPN gateway
  • the external IP addresses of both VPN gateways have not been excluded from the VPN encryption domain
0 Kudos
LostBoY
Advisor

How can I exclude the external IP addresses of both gateways from the encryption domain?

0 Kudos
PhoneBoy
Admin

Upgrade to R81.20, it's actually a checkbox in the relevant Gateway objects.
In earlier releases, see scenario 3 in: https://support.checkpoint.com/results/sk/sk108600 

0 Kudos
Gomboragchaa
Advisor

I had the same issue. Our monitoring tool always sends pings to the remote gateway.

1. Activate ICMP Requests from Global properties.

If it is still the same:

Edit the $FWDIR/lib/crypt.def file.

- Find #ifndef NON_VPN_TRAFFIC_RULES

Add the config below:
#ifndef IPV6_FLAVOR
#define NON_VPN_TRAFFIC_RULES (dst=remote_peer_gateway_IP)
#else

#define NON_VPN_TRAFFIC_RULES 0
#endif
#endif

#endif /* __crypt_def__ */

Then install policy. After that you will get direct access to the remote gateway...

0 Kudos
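The two encryption-domain causes listed in the first reply can be checked offline by comparing how each gateway's configuration classifies a ping between the two external addresses. This is an added example, not code from the thread or from Check Point; the GatewayView structure, the simplified matching rule (VPN traffic when the local address is in the local domain and the peer address is in the peer domain, unless excluded) and all addresses are assumptions.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class GatewayView:
    """Encryption domains as configured on ONE gateway (hypothetical structure)."""
    local_domain: list                          # CIDRs this gateway protects
    peer_domain: list                           # CIDRs it believes the peer protects
    non_vpn: set = field(default_factory=set)   # IPs excluded from VPN matching

def _member(ip, nets):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n) for n in nets)

def treats_as_vpn(view, local_ip, peer_ip):
    """Simplified model: would this gateway handle local_ip <-> peer_ip as VPN traffic?"""
    if local_ip in view.non_vpn or peer_ip in view.non_vpn:
        return False
    return _member(local_ip, view.local_domain) and _member(peer_ip, view.peer_domain)

def classify_gateway_ping(view_a, view_b, ext_a, ext_b):
    """Compare both gateways' decisions for a ping between their external IPs."""
    a = treats_as_vpn(view_a, ext_a, ext_b)
    b = treats_as_vpn(view_b, ext_b, ext_a)
    if a != b:
        return "asymmetric"      # external IPs in the domains on one gateway only
    return "vpn-on-both" if a else "clear-on-both"

# Constructed sample data (documentation address ranges, not from the thread).
EXT_A, EXT_B = "192.0.2.1", "198.51.100.1"
A_WITH_EXT = GatewayView(["10.1.0.0/16", "192.0.2.1/32"],
                         ["10.2.0.0/16", "198.51.100.1/32"])
B_WITH_EXT = GatewayView(["10.2.0.0/16", "198.51.100.1/32"],
                         ["10.1.0.0/16", "192.0.2.1/32"])
B_NO_EXT = GatewayView(["10.2.0.0/16"], ["10.1.0.0/16"])
A_EXCLUDED = GatewayView(A_WITH_EXT.local_domain, A_WITH_EXT.peer_domain,
                         non_vpn={EXT_A, EXT_B})
B_EXCLUDED = GatewayView(B_WITH_EXT.local_domain, B_WITH_EXT.peer_domain,
                         non_vpn={EXT_A, EXT_B})

if __name__ == "__main__":
    for name, va, vb in [("domains differ", A_WITH_EXT, B_NO_EXT),
                         ("not excluded", A_WITH_EXT, B_WITH_EXT),
                         ("excluded on both", A_EXCLUDED, B_EXCLUDED)]:
        print(f"{name:18} -> {classify_gateway_ping(va, vb, EXT_A, EXT_B)}")
```

An "asymmetric" result corresponds to the third cause in the first reply and "vpn-on-both" to the fourth; "clear-on-both" is the state the exclusion steps in the later replies aim for.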