Ivory

S2S VPN problem with AWS

I have a Checkpoint SG 15600 cluster with GAIA R80.30. I am trying to establish a site-to-site VPN tunnel with an AWS Virtual Private Gateway. I have a route-based VPN setup on my end. On the day of deployment, when I initiated the traffic, the tunnel did not come up and I did not see any negotiations happening (I did not see any IKE 500 packets coming to our network border router/firewall, and did not see any Key Install messages in Smart View Tracker). AWS was unable to provide me with any logs, as it has been said that the AWS Virtual Private Gateway is always configured as a "Responder" and not as an "Initiator" of the tunnel, and hence they do not see any logs.

While debugging traffic on my end (fw ctl zdebug drop | grep X.X.X.X), I found:

@;1394424837;[cpu_31];[fw4_0];fw_log_drop_ex: Packet proto=17 X.X.X.X:500 -> Y.Y.Y.Y:500 dropped by fwpslglue_chain Reason: PSL Drop: ADVP;

 

0 Kudos
2 Replies
Sapphire

Why not contact TAC to resolve this issue ?

0 Kudos
Ivory

I did, but was not able to get a solution.
0 Kudos