Hello,
I am configuring a L2L between a CP 1490 and a 5000 box. I am pretty sure the problem lies on the 1490, because we have quite a few tunnels on the 5000 that work just fine - and this is my first time with a 1490, so I might be missing something there.
When I check on the 1490, it says the tunnel is up - I can see the same in the 5000. The logs in the 5000 show the packets get encrypted and sent on their way.
Checking the logs on the 1490 I see the key gets installed, but I also see this:
IKE failure: Child SA exchange: Received notification from peer: Traffic selectors unacceptable
Are any routes needed in the 1490 for the subnets on the other side? Since this is a Policy-based L2L, I guess they are not, but I am trying to make sure I am not missing anything.
Thanks,
//Anibal
Hello,
The encryption domain in the hub CP is system-wide, and all I've got for this community is the only subnet on the remote side (1490).
On the remote side, I am defining the remote subnets manually, matching two of the subnets in the hub. The local encryption domain includes the only LAN subnet.
I've read the SK you posted about VPN routing - in the hub, I am only routing through the center. Is there such an option in the 1490?
//Anibal