Checkpoint S2S VPN with AWS Virtual Private Gateway
I have a Check Point SG 4600 cluster with Gaia R77.30. Trying to establish a site-to-site VPN tunnel with AWS Virtual Private Gateway. I have a domain-based VPN set up on my end with an inbound policy rule (meaning a server in AWS initiates a connection to a server in our network). On the day of deployment, when they initiated the traffic, the tunnel did not come up and I did not see any negotiations happening (did not see any IKE 500 packets coming to our network border router/firewall, did not see any Key Install messages in SmartView Tracker). AWS was unable to provide me any logs, as it has been said that AWS Virtual Private Gateway is always configured to be a "Responder" but not an "Initiator" of the tunnel, and hence they do not see any logs.
Is there any way I can configure the Check Point gateway to be the initiator of the tunnel?
Hi,
Maybe the thread below will be helpful.
I have configured the tunnel on the Check Point gateway, but how do we know which device behaves as an "Initiator"? AWS Virtual Private Gateway can act only as a "Responder", and I cannot trigger any traffic from my network as this is only inbound traffic to us (from AWS to our network).
Hi,
You have to generate some interesting traffic to check this. Run the VPN debug and analyze the ike.elg file in the IKE info viewer tool; you will come to know which gateway initiates from the first packet.
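The reply above leaves two things implicit: what counts as "interesting traffic" for a domain-based VPN (a packet whose source is inside the local encryption domain and whose destination is inside the remote one), and the exact debug cycle that gets the first IKE packet into ike.elg. The script below is an added example, not code from the thread or from Check Point. The two encryption-domain CIDRs are constructed placeholders, the host addresses in the self-check are made up, and the host-side function assumes it runs on a machine behind the cluster; `vpn debug trunc`, `vpn debug off`, `vpn debug ikeoff` and `$FWDIR/log/ike.elg` are the standard Check Point gateway commands and file, so that function is guarded to run only where `vpn` exists.

```shell
#!/bin/sh
# Added example (not from the CheckMates thread). Two helpers for the advice
# above: decide whether a flow is "interesting" for a domain-based VPN (source in
# the local encryption domain, destination in the remote one), and wrap the
# Check Point IKE debug cycle so ike.elg captures the very first IKE packet.
#
# The encryption-domain CIDRs are constructed placeholders; replace them with
# the domains configured in the VPN community.
LOCAL_DOMAIN=${LOCAL_DOMAIN:-10.10.0.0/16}    # constructed: our network behind the cluster
REMOTE_DOMAIN=${REMOTE_DOMAIN:-172.31.0.0/16}  # constructed: the AWS VPC CIDR

ip_to_int() {
  # Dotted-quad IPv4 -> 32-bit integer, POSIX shell arithmetic only.
  _ifs=$IFS; IFS=.
  set -- $1
  IFS=$_ifs
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

in_cidr() {
  # in_cidr IP NETWORK/BITS -> exit 0 when IP lies inside the prefix.
  _ip=$(ip_to_int "$1")
  _net=$(ip_to_int "${2%/*}")
  _bits=${2#*/}
  _mask=$(( (0xFFFFFFFF << (32 - $_bits)) & 0xFFFFFFFF ))
  [ $(( $_ip & $_mask )) -eq $(( $_net & $_mask )) ]
}

is_interesting() {
  # is_interesting SRC DST -> exit 0 when the flow matches the domain pair,
  # i.e. the gateway would start IKE for it instead of routing it in the clear.
  in_cidr "$1" "$LOCAL_DOMAIN" && in_cidr "$2" "$REMOTE_DOMAIN"
}

generate_interesting_traffic() {
  # Run on a host inside LOCAL_DOMAIN: generate_interesting_traffic SRC_IP DST_IP
  # Only a flow that matches the domain pair makes the gateway initiate IKE.
  if is_interesting "$1" "$2"; then
    ping -c 3 "$2"
  else
    echo "$1 -> $2 is outside the domain pair; the gateway will not initiate IKE for it" >&2
    return 1
  fi
}

gateway_ike_capture() {
  # Run in expert mode on the gateway while the traffic above is generated.
  # vpn debug trunc truncates ike.elg/vpnd.elg and enables both debug flags;
  # off/ikeoff turn them back off. Guarded so it does nothing on other hosts.
  command -v vpn >/dev/null 2>&1 || { echo "no vpn command here; run on the gateway" >&2; return 1; }
  vpn debug trunc
  printf 'IKE debug on. Generate traffic from %s to %s, then press Enter.\n' "$LOCAL_DOMAIN" "$REMOTE_DOMAIN"
  read _
  vpn debug off
  vpn debug ikeoff
  echo "Open $FWDIR/log/ike.elg in IKEView: the direction of the first IKE packet shows which side initiated."
}

# Offline self-check with constructed addresses (no network access needed).
if is_interesting 10.10.5.20 172.31.8.4; then
  echo "10.10.5.20 -> 172.31.8.4 matches the domain pair"
fi
```

The point of the `is_interesting` check is the original poster's situation: if nothing behind the cluster ever sends a packet toward the VPC CIDR, the Check Point side has no trigger to initiate, and since the Virtual Private Gateway only responds, the tunnel stays down with no IKE traffic on either side. A single ping from a host in the local domain to an instance in the VPC is enough to produce the first IKE packet that ike.elg then shows.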