Timothy_Fan
Participant

Checkpoint 5400 IPSec VPN problem

I am new to Checkpoint and tried to set up a VPN with a remote site that uses another brand of firewall.

Site A (Local): Checkpoint 5400

Subnet: 10.7.3.0/24

Site B (Remote): SonicWall NSA 5600

Subnet: 10.29.0.0/22, 192.168.12.0/12

The VPN is established and I saw 2 tunnels in both firewalls.

Subnets 10.7.3.0 and 10.29.0.0 are OK. Ping and access to servers on both sides are OK.

But subnets 10.7.3.0 and 192.168.12.0 are not OK. tracert also shows the traffic not going through the VPN.

Checked: the policies are OK.

What am I missing to make it work? Any help, or request for additional config information, is welcome.

THX

3 Replies
Chris_Atkinson
Employee

I would start by checking / fixing the subnet for the 192.168.12.0 network, as it doesn't appear correct.

CCSM R77/R80/ELITE
0 Kudos
Danny
Champion

192.168.12.0/12 ?
Network:   192.160.0.0/12        11000000.1010 0000.00000000.00000000 (Class C)
Broadcast: 192.175.255.255       11000000.1010 1111.11111111.11111111
HostMin:   192.160.0.1           11000000.1010 0000.00000000.00000001
HostMax:   192.175.255.254

This mixes up private and public networks. Please check first that you haven't made any typing mistakes.

Afterwards check what SmartLog is showing.
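
The mask arithmetic from the reply above, as an added example that is not part of the original thread: a short Python check that normalizes each subnet entered in a VPN encryption domain and flags entries whose host bits are set or whose range extends outside RFC 1918 private space. The function name `check_subnet` and the finding messages are hypothetical, and the check assumes IPv4.

```python
import ipaddress

# RFC 1918 private IPv4 blocks
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_subnet(cidr):
    """Describe how a gateway will interpret an address/prefix pair (IPv4 only)."""
    iface = ipaddress.ip_interface(cidr)
    net = iface.network  # the address with host bits masked off
    findings = []
    if iface.ip != net.network_address:
        # The address as typed is not a network boundary for this prefix length.
        findings.append("host bits set: %s normalizes to %s" % (cidr, net))
    if not any(net.subnet_of(block) for block in RFC1918):
        # The range reaches beyond private space, so it can cover public addresses.
        findings.append("%s is not contained in any RFC 1918 block" % net)
    return {
        "input": cidr,
        "network": str(net),
        "broadcast": str(net.broadcast_address),
        "findings": findings,
    }


if __name__ == "__main__":
    # Subnets as written in the original question
    for cidr in ("10.7.3.0/24", "10.29.0.0/22", "192.168.12.0/12"):
        result = check_subnet(cidr)
        print(result["input"], "->", result["network"],
              "broadcast", result["broadcast"])
        for finding in result["findings"]:
            print("   !", finding)
```
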

Steve_Runyon
Participant

Do you have a (local) route to 192.168.12.0 in your interior that directs that traffic to the Checkpoint? If not, that could be the problem. One way to do this is to put a static route on the Checkpoint saying that 192.168 is via the external interface, then redistribute this into OSPF or whatever IGP you use internally.

0 Kudos
