I have a Checkpoint SG 4600 cluster with GAIA R77.30. I am trying to establish a site-to-site VPN tunnel with an AWS Virtual Private Gateway. I have a domain-based VPN set up on my end with an inbound policy rule (meaning a server in AWS initiates a connection to a server in our network). On the day of deployment, when they initiated the traffic, the tunnel did not come up and I did not see any negotiations happening (I did not see any IKE UDP 500 packets coming to our network border router/firewall, and did not see any Key Install messages in SmartView Tracker). AWS was unable to provide me any logs, as it has been said that the AWS Virtual Private Gateway is always configured to be a "Responder" and never an "Initiator" of the tunnel, and hence they do not see any logs.
Is there any way I can configure the Checkpoint gateway to be the initiator of the tunnel?
Hi,
Maybe the thread below will be helpful.
I have configured the tunnel on the Checkpoint gateway, but how do we know which device behaves as the "Initiator"? The AWS Virtual Private Gateway can act only as a "Responder", and I cannot trigger any traffic from my network, as this is only inbound traffic to us (from AWS to our network).
Hi,
You have to generate some interesting traffic to check this. Run the VPN debug and analyze the ike.elg file in the IKE info viewer tool; from the first packet you will see which gateway initiates the negotiation.