
Problem VPN with AWS Gateway and Checkpoint OnPremise

VPN is one direction only (AWS-Checkpoint on premise); VPN tunnel is established; packets to AWS do not match the rule of the VPN.

0 Kudos
2 Replies

Re: Problem VPN with AWS Gateway and Checkpoint OnPremise

Only being able to establish a VPN in one direction is usually the result of a configuration error.

Unfortunately, you haven't told us much about the configuration you have.

So far, all I know is you have an on-premise Check Point gateway.

What version?

How is it exactly configured?

What are you connecting to on the remote end? (AWS directly? A Check Point instance?)

What troubleshooting have you done?

What log messages have you seen?

Maybe also look at: 

0 Kudos

Re: Problem VPN with AWS Gateway and Checkpoint OnPremise

I'd like to introduce you to the checklist for configuring VPN. Please check all the steps and maybe you will find a misconfiguration in your case:

  • Define encryption domains for each site
  • Define firewall workstation objects for each site
  • Configure the gateway objects for the correct encryption domain
  • Configure the extranet community with the appropriate gateways and objects
  • Create the necessary encryption rules.
  • Configure the encryption properties for each encryption rule.
  • Install the security Policy

Likewise, Dameon asked you good questions.

Can you identify the peer? If you cannot, maybe the problem is hidden in:

  • rules refer to an object that is not part of the local firewall's encryption domain
  • may have overlapping encryption domains
  • 2 peers in the same domain
  • sk18972 – explains overlapping with IP addresses and how to configure manual NAT rules
0 Kudos
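
The two encryption-domain checks from the reply above (overlapping domains, and traffic that falls outside a defined domain) can be run offline against the networks configured on each side. This is an added example, not part of the original thread or any Check Point tooling; the function names and sample networks are constructed, and the model assumes simple domain-based selection (source in the local domain, destination in the peer domain).

```python
import ipaddress

def parse(cidrs):
    """Turn CIDR strings into network objects (host bits are tolerated)."""
    return [ipaddress.ip_network(c, strict=False) for c in cidrs]

def overlaps(local, peer):
    """Return every (local, peer) network pair that shares addresses."""
    return [(str(a), str(b))
            for a in parse(local) for b in parse(peer) if a.overlaps(b)]

def in_domain(addr, domain):
    """True if the address is covered by any network in the domain."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in parse(domain))

def classify(src, dst, local, peer):
    """Explain why a packet src -> dst would or would not match the VPN.

    Simplified model (assumption): a packet is selected for the tunnel only
    when its source is in the local encryption domain, its destination is
    in the peer encryption domain, and the two domains do not overlap.
    """
    if overlaps(local, peer):
        return "overlapping encryption domains"
    if not in_domain(src, local):
        return "source not in local encryption domain"
    if not in_domain(dst, peer):
        return "destination not in peer encryption domain"
    return "matches VPN"

# Constructed sample domains: on-premise side and the AWS VPC side.
LOCAL_DOMAIN = ["10.1.0.0/16", "192.168.10.0/24"]
AWS_DOMAIN = ["172.31.0.0/16"]

if __name__ == "__main__":
    # Constructed test flows from on-premise hosts toward AWS.
    flows = [("10.1.5.20", "172.31.4.9"),   # both ends inside their domains
             ("10.2.5.20", "172.31.4.9"),   # source network never added to the domain
             ("10.1.5.20", "10.50.0.1")]    # destination outside the AWS domain
    for src, dst in flows:
        print(f"{src} -> {dst}: {classify(src, dst, LOCAL_DOMAIN, AWS_DOMAIN)}")
    print("overlap check:", overlaps(["10.1.0.0/16"], ["10.1.8.0/24"]))
```

Replace the sample lists with the networks from each gateway object's encryption domain and the source/destination seen in the logs for the traffic that is not being encrypted.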