
Checkpoint 5400 IPSec VPN problem

I am new to Checkpoint and tried to set up a VPN with a remote site that uses another brand of firewall.

Site A (Local): Checkpoint 5400

Subnet: 10.7.3.0/24

Site B (Remote): SonicWall NSA 5600

Subnet: 10.29.0.0/22, 192.168.12.0/12

The VPN is established and I saw 2 tunnels in both firewalls.

Subnets 10.7.3.0 and 10.29.0.0 are OK. Ping and access to servers on both sides are OK.

But subnets 10.7.3.0 and 192.168.12.0 are not OK. Tracert also shows the traffic not going through the VPN.

Checked the policy; it is OK.

What am I missing to make it work? Any help or additional config information needed is welcome.

THX

3 Replies
Employee+

Re: Checkpoint 5400 IPSec VPN problem

I would start by checking / fixing the subnet for the 192.168.12.0 network, as it doesn't appear correct.

0 Kudos
Danny
Jade

Re: Checkpoint 5400 IPSec VPN problem

192.168.12.0/12 ?
Network:   192.160.0.0/12        11000000.1010 0000.00000000.00000000 (Class C)
Broadcast: 192.175.255.255       11000000.1010 1111.11111111.11111111
HostMin:   192.160.0.1           11000000.1010 0000.00000000.00000001
HostMax:   192.175.255.254

This mixes up private and public networks. Please check first that you haven't made any typing mistakes.

Afterwards check what SmartLog is showing.
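
The subnet check from the reply above, as an added example that is not part of the original thread: it uses Python's standard `ipaddress` module to show what each posted prefix actually covers, flags entries with host bits set or ranges that fall outside RFC 1918 space, and lists overlapping entries. The function names `audit_subnet` and `overlaps` are hypothetical; the subnets are the ones posted in the question.

```python
import ipaddress

# RFC 1918 private ranges
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def audit_subnet(cidr):
    """Report the range a prefix really covers and anything suspicious about it."""
    iface = ipaddress.ip_interface(cidr)
    net = iface.network  # the address masked down to the prefix length
    findings = []
    # Host bits set: the typed address is not the start of the /N block.
    if iface.ip != net.network_address:
        findings.append("host bits set: %s is not a network address for /%d; "
                        "the prefix covers %s" % (iface.ip, net.prefixlen, net))
    # A "private" VPN subnet should sit entirely inside one RFC 1918 range.
    if not any(net.subnet_of(p) for p in RFC1918):
        findings.append("%s is not contained in any RFC 1918 range" % net)
    return {"entered": cidr, "effective": str(net),
            "first": str(net.network_address),
            "last": str(net.broadcast_address),
            "findings": findings}

def overlaps(cidrs):
    """Return pairs of effective networks that overlap each other."""
    nets = [ipaddress.ip_interface(c).network for c in cidrs]
    return [(str(a), str(b)) for i, a in enumerate(nets)
            for b in nets[i + 1:] if a.overlaps(b)]

if __name__ == "__main__":
    # Subnets as posted in the question
    posted = {"Site A": ["10.7.3.0/24"],
              "Site B": ["10.29.0.0/22", "192.168.12.0/12"]}
    for site, cidrs in posted.items():
        for c in cidrs:
            r = audit_subnet(c)
            print(site, r["entered"], "->", r["effective"],
                  "(%s - %s)" % (r["first"], r["last"]))
            for f in r["findings"]:
                print("   !", f)
    print("overlaps:", overlaps([c for v in posted.values() for c in v]))
```

Running the same audit on the subnet definitions exported from both firewalls makes a mismatch between the two sides visible before looking at tunnel logs.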

Re: Checkpoint 5400 IPSec VPN problem

Do you have a (local) route to 192.168.12.0 in your interior that directs that traffic to the Checkpoint? If not, that could be the problem. One way to do this is to put a static route on the Checkpoint saying that 192.168 is via the external interface, then redistribute this into OSPF or whatever IGP you use internally.

0 Kudos