This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Jesus_Vladimir_
Participant
‎2018-11-23 12:50 PM

Problem VPN with AWS Gateway and Checkpoint OnPremise

VPN is one direction only (AWS-Checkpoint on premise); VPN tunnel is established; packet  to AWS not match the rule of the VPN.  

0 Kudos
2 Replies
PhoneBoy
Admin
Admin
‎2018-11-23 05:59 PM

Only being able to establish a VPN in one direction is usually the result of a configuration error.

Unfortunately, you haven't told us much about the configuration you have.

So far, all I know is you have an on-premise Check Point gateway.

What version?

How is it exactly configured?

What are you connecting to on the remote end? (AWS directly? A Check Point instance?)

What troubleshooting have you done?

What log messages have you seen?

Maybe also look at: https://community.checkpoint.com/docs/DOC-3023-vpn-troubleshooting-commands 

0 Kudos
Egor_Cherkasov
Contributor
‎2018-11-23 10:16 PM

I'd like to inroduce you the checklist about configuring VPN. Please check all the steps and may be you will find misconfiguration in your case:

  • Define encryption domains for each site
  • Define firewall workstation objects for each site
  • Configure the gateway objects for the correct encryption domain
  • Configure the extranet community with the appropriate gateways and objects
  • Create the necessary encryption rules.
  • Configure the encryption properties for each encryption rule.
  • Install the security Policy

Likewise Dameon asked you good questions.

Can you indentify the peer? If you are not may be the problem is hidden in:

  • rules refer to an object that is not part of the local firewalls encryption domain
  • may have overlapping encryption domains
  • 2 peers in the same domain
  • sk18972 – explains overlapping with IP addresses and how to configure manual NAT rules
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events