
Losing SMS to FW connectivity after applying IPsec VPN configuration

Hello All,

I am quite new to the Check Point VPN blade, so sorry for the stupid question!

Basically I am trying to establish IPsec VPN (mesh community) tunnels between HQ and branch sites as in the diagram below.

However, once I apply the IPsec configuration, I lose SMS and FW connectivity. I suspect the SMS traffic somehow goes into the VPN tunnel, which is why I lose connectivity between the SMS and the FW. See below: Dubai-FW is disconnected after I push the policy.



- Even though Dubai-FW is disconnected from the SMS, clients can ping the remote site, which means the IPsec VPN config is successful.



- In HQ-FW, I have only defined the HQ-LAN-NET network (not added MGMT

- I have also defined VPN access policies on both Branch and HQ (rules 3 and 4).




- Defined NAT policy between branch and HQ (rules 1 and 2) [not performing NAT between HQ and Branch networks, but SMS].



- I see from the logs that the traffic between clients is encrypted and decrypted as below.





- I checked the VPN blade logs and realized there are many drops; below you can see the detail of one of them. It specifies "Clear text packet should be encrypted".



From my perspective the SMS traffic goes into the VPN tunnel even though I have excluded the network from the VPN domain in HQ-FW. But I don't understand why.

Can anyone help me with what I couldn't figure out in this setup?

I would appreciate it if you could have a look.

Thanks in advance,




Management traffic does NOT go through the VPN by design.
That said, there must be a static NAT to the management server that the remote gateways can reach.
Refer to: 

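The reply's point, as an added illustration that is neither the poster's nor Check Point's code: a simplified model of the VPN-domain check, with hypothetical placeholder addresses, showing why a management server sitting inside the HQ VPN domain is dropped at the branch gateway with "Clear text packet should be encrypted", while the same server reached through a static NAT address outside every VPN domain is handled by the ordinary rulebase instead.

```python
import ipaddress

# Constructed VPN (encryption) domains for the two mesh-community members.
# Ranges and gateway addresses are placeholders, not the poster's networks.
# A gateway's own address counts as part of its domain, which is how traffic
# aimed at the tunnel endpoint itself gets matched.
VPN_DOMAINS = {
    "HQ-FW":    {"gw": "198.51.100.1", "nets": ["10.10.0.0/24"]},  # HQ-LAN-NET
    "Dubai-FW": {"gw": "203.0.113.1",  "nets": ["10.20.0.0/24"]},  # Dubai LAN
}
COMMUNITY = set(VPN_DOMAINS)  # both gateways belong to the same mesh community

# Hypothetical management server addresses: its real address sits inside
# HQ-LAN-NET; the static-NAT address is a public IP outside every VPN domain.
SMS_INTERNAL = "10.10.0.50"
SMS_STATIC_NAT = "198.51.100.50"


def owner_of(ip):
    """Return the gateway whose VPN domain (or own address) contains ip, else None."""
    addr = ipaddress.ip_address(ip)
    for gw, dom in VPN_DOMAINS.items():
        if addr == ipaddress.ip_address(dom["gw"]):
            return gw
        if any(addr in ipaddress.ip_network(net) for net in dom["nets"]):
            return gw
    return None


def judge_cleartext(src, dst):
    """Simplified model of the check a community member applies to a packet that
    arrives in clear text: if source and destination belong to two different
    community members, it should have been inside the tunnel and is dropped."""
    s, d = owner_of(src), owner_of(dst)
    if s in COMMUNITY and d in COMMUNITY and s != d:
        return "drop: Clear text packet should be encrypted"
    return "accept: not a VPN-domain pair, ordinary rulebase applies"


def management_check(branch_gw="Dubai-FW"):
    """How the branch gateway sees SMS traffic before and after the static NAT."""
    branch_ip = VPN_DOMAINS[branch_gw]["gw"]
    return {
        "sms_internal": judge_cleartext(SMS_INTERNAL, branch_ip),
        "sms_static_nat": judge_cleartext(SMS_STATIC_NAT, branch_ip),
        # a LAN-to-LAN packet seen unencrypted is dropped for the same reason
        "lan_to_lan": judge_cleartext("10.10.0.7", "10.20.0.7"),
    }
```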