Problem VPN with AWS Gateway and Checkpoint OnPremise

VPN works in one direction only (AWS-Checkpoint on premise); the VPN tunnel is established; packets to AWS do not match the VPN rule.

2 Replies
Only being able to establish a VPN in one direction is usually the result of a configuration error.

Unfortunately, you haven't told us much about the configuration you have.

So far, all I know is you have an on-premise Check Point gateway.

What version?

How is it exactly configured?

What are you connecting to on the remote end? (AWS directly? A Check Point instance?)

What troubleshooting have you done?

What log messages have you seen?

Maybe also look at: https://community.checkpoint.com/docs/DOC-3023-vpn-troubleshooting-commands 


I'd like to introduce you to the checklist for configuring a VPN. Please check all the steps and maybe you will find a misconfiguration in your case:

  • Define encryption domains for each site
  • Define firewall workstation objects for each site
  • Configure the gateway objects for the correct encryption domain
  • Configure the extranet community with the appropriate gateways and objects
  • Create the necessary encryption rules
  • Configure the encryption properties for each encryption rule
  • Install the Security Policy

Likewise, Dameon asked you good questions.

Can you identify the peer? If you cannot, maybe the problem is hidden in one of these:

  • rules refer to an object that is not part of the local firewall's encryption domain
  • overlapping encryption domains
  • 2 peers in the same domain
  • sk18972 – explains overlapping IP addresses and how to configure manual NAT rules
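As an added example (not from this thread, and not a Check Point tool), the following Python checks a set of encryption domains and VPN rule objects for the three misconfigurations listed in the reply above: a rule object that is in no encryption domain, a local domain overlapping a peer's, and two peers whose domains overlap. All subnets are constructed sample values.

```python
# Added example: sanity-check encryption-domain definitions for the
# misconfigurations listed in the reply above. Subnets are constructed
# sample values, not taken from the original post.
import ipaddress
from itertools import combinations


def _nets(cidrs):
    """Parse a list of CIDR strings into ip_network objects."""
    return [ipaddress.ip_network(c, strict=False) for c in cidrs]


def check_encryption_domains(local, peers, rule_objects):
    """Return a list of findings (strings) for the given VPN layout.

    local        -- CIDRs of the local gateway's encryption domain
    peers        -- {peer_name: [CIDR, ...]} remote encryption domains
    rule_objects -- CIDRs referenced by the local VPN (encryption) rules
    """
    findings = []
    all_domains = [("local", _nets(local))]
    all_domains += [(name, _nets(cidrs)) for name, cidrs in peers.items()]

    # 1. A rule object must belong to some encryption domain; otherwise the
    #    traffic it describes is never matched by the VPN rule.
    for obj in _nets(rule_objects):
        covered = any(n.version == obj.version and obj.subnet_of(n)
                      for _, nets in all_domains for n in nets)
        if not covered:
            findings.append(f"rule object {obj} is in no encryption domain")

    # 2. Overlapping encryption domains (local vs. peer, or peer vs. peer)
    #    leave the gateway unable to pick the tunnel a packet belongs to;
    #    this is the case sk18972 addresses with manual NAT rules.
    for (name_a, nets_a), (name_b, nets_b) in combinations(all_domains, 2):
        for a in nets_a:
            for b in nets_b:
                if a.version == b.version and a.overlaps(b):
                    findings.append(f"{name_a} {a} overlaps {name_b} {b}")
    return findings


if __name__ == "__main__":
    # Constructed sample: one on-premise domain, two remote peers, two rule objects.
    sample = check_encryption_domains(
        local=["10.1.0.0/16"],
        peers={"aws": ["172.31.0.0/16"], "branch": ["172.31.16.0/20"]},
        rule_objects=["10.1.5.0/24", "192.168.9.0/24"],
    )
    for line in sample:
        print(line)
```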