Checkpoint 5400 IPSec VPN problem

Timothy_Fan · ‎2019-01-03

I am new to checkpoint and tried to setup a VPN with remote site with another brand of firewall.

Site A (Local): Checkpoint 5400

Subnet: 10.7.3.0/24

Site B (Remote): Sonicewall NSA 5600

Subnet: 10.29.0.0/22, 192.168.12.0/12

VPN established and i saw 2 tunnels in both firewalls

Subnet: 10.7.3.0 and 10.29.0.0 are ok. ping, access servers of both sizes are ok

but subnet: 10.7.3.0 and 192.168.12.0 not ok. tracert also shows the traffic not going thou. the vpn.

Checked policy are ok.

What am i missing to make it work ? Any help or additional config. information needed is welcome.

THX

Chris_Atkinson · ‎2019-01-04

I would start by checking / fixing the subnet for the 192.168.12.0 network as it doesn't appear correct

CCSM R77/R80/ELITE

Danny · ‎2019-01-04

192.168.12.0/12 ?
Network:   192.160.0.0/12        11000000.1010 0000.00000000.00000000 (Class C)
Broadcast: 192.175.255.255       11000000.1010 1111.11111111.11111111
HostMin:   192.160.0.1           11000000.1010 0000.00000000.00000001
HostMax:   192.175.255.254

This mixes up private and public networks. Please check first that you haven't done any typing mistakes.

Afterwards check what SmartLog is showing.

Steve_Runyon · ‎2019-01-04

Do you have a (local) route to 192.168.12.0 in your interior that directs that traffic to the Checkpoint? If not, that could be the problem. One way to do this is to put a static route on the Checkpoint saying that 192.168 is via the external interface, then redistribute this into OSPF or whatever IGP you use internally.

Are you a member of CheckMates?

Checkpoint 5400 IPSec VPN problem