Are you a member of CheckMates?
×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Hi
I have configured a VPN tunnel between a 1430 and my central checkpoint Firewall (R80.10).
The VPN tunnel is connected but the test packed towards 8.8.8.8 is blocked.
In the fw monitor i get the following
[vs_0][fw_0] eth1:i[68]: 172.16.50.50 -> 8.8.8.8 (UDP) len=68 id=21028
UDP: 58832 -> 53
[vs_0][fw_0] eth1:i[68]: 172.16.50.50 -> 8.8.8.8 (UDP) len=68 id=21029
UDP: 58832 -> 53
[vs_0][fw_0] eth1:i[65]: 172.16.50.50 -> 8.8.8.8 (UDP) len=65 id=21030
UDP: 42110 -> 53
[vs_0][fw_1] eth1:i[68]: 172.16.50.50 -> 8.8.8.8 (UDP) len=68 id=21031
UDP: 58832 -> 53
What policy is it that I need to make changes to?
The 1430 is configured as a Interoperable Device with a fixed IP number of the WAN interface my 4G connection, in the topology i am using the same IP on the External network .
You have an encryption domain issue. The R80.10 doesn't know that 8.8.8.8 is part of its encryption domain. Make sure in the vpn community to change the VPN routing option to be "To center or through center to other satellites, to Internet abd other VPN targets", I'm assuming that you configured the 1430 to route all the traffic in the webui through the R80.10 GW. Make sure you have a Hide NAT rule on the R80.10 GW to hide traffic from behind the 1430 networks to the internet, because the internet should return the traffic to the R80.10 GW.
I noticed in the log the source is 172.16.50.50 after the decryption of the packet is that the external IP of the 1430 are doing Hide NAT behind the 1430 external IP?
Please Make sure to include the 172.16.50.x and the 192.168.130.x networks in smartconsole for the encryption domain of the 1430 device and try to change it to be Externally managed checkpoint device.
