Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

CheckPoint VPN R77.30/R80.20 vs. Cisco ASA 5516

Hi,

it's my first post in about 25 years installing CP (first one was an 4.1 on NT 4.0 Server).

I configured as usual my VPN and other site is very collaborative.

IKE Phase 1 is OK!

IPSEC Phase 2 starts it appears in VPN TU -> 2 menu ... but no INBOUND/OUTBOUND created.

I tried to follow almost any SK, now I also configured user.def.FW1 (I,m testing both on old R77.30 appliance and new R80.20 openserver vmware).

My problem I supposed is to export only one HOST 192.168.220.1/32 (yes, 255.255.255.255) to reach another single host 10.103.201.95/32 ... I already asked other side to create Network Object on Cisco and not Host Object, but no way.

I really don't know how to fix this problem,
if somebody had same issue and wants to share solution,

Although tomorrow morning I'll open a ticket to Support and I try to fix with them.

I prefer to study solution and to debug, instead of directly ask for support, but this time it seems to be grater than me.

Thanks,

Francesco.

 

0 Kudos
3 Replies
Highlighted
Admin
Admin

What is the full path to the user.def.FW1 you are modifying? Since you're using R80.20 to manage R77.30, you need to modify the one in the R77.x Backward Compatibility directory.

This thread may also be helpful in debugging: https😕/community.checkpoint.com/t5/Access-Control-Products/VPN-Troubleshooting-Commands/m-p/39636#M...

0 Kudos
Highlighted

Hi,

thanks for your answer,

I'm using two different gateways one full stand-alone R77.30 and another full stand-alone R80.20,

both have same problem. I'm testing solution proposed by another user to change one tunnel per host pair.

I'm modifying correct .user.def files, I followed info found on SK.

0 Kudos
Highlighted

In the properties of the VPN Community object under VPN Tunnel Sharing, select the option "one tunnel per pair of hosts" and reinstall policy.

Book "Max Power 2020: Check Point Firewall Performance Optimization" Third Edition
Now Available at www.maxpowerfirewalls.com
0 Kudos