KWD
Explorer

Site to Site VPN between 2 Checkpoint Gateways and a Checkpoint SMS

Hello,

I am trying to connect two gateways, a 3200 (remote) and a 12400 local to the SMS (virtual), by a site-to-site VPN. Phase 1 IKE appears to succeed from the 12400 to the 3200. Phase 2 fails. The ike.elg file states INVALID-CERTIFICATE. We tried renewing the certificate, modifying the $FWDIR/conf/masters file on the remote gateway, and adding a rule from the remote gateway to the SMS for FW1_ica_services. None of these have fixed the problem. Does anyone know what the problem is?

Thanks

0 Kudos
2 Replies
Maarten_Sjouw
Champion

Did you renew the certificates in both gateway objects under IPSec-VPN?
Is your VPN Domain overlapping?
Regards, Maarten
0 Kudos
Elzy
Explorer

Faced the same issue and compiled the following after solving it:

Try to check if the peer gateway is able to reach the management server via telnet on port 18264.

Also try to check the Security Management object IP (in SmartConsole) and see whether that IP is reachable from the peer gateway or not. Try to resolve the connectivity issue from the peer gateway to the Management Server object IP (don't forget NAT).

0 Kudos
