Create a Post
Showing results for 
Search instead for 
Did you mean: 

CheckPoint VPN R77.30/R80.20 vs. Cisco ASA 5516


it's my first post in about 25 years installing CP (first one was an 4.1 on NT 4.0 Server).

I configured as usual my VPN and other site is very collaborative.

IKE Phase 1 is OK!

IPSEC Phase 2 starts it appears in VPN TU -> 2 menu ... but no INBOUND/OUTBOUND created.

I tried to follow almost any SK, now I also configured user.def.FW1 (I,m testing both on old R77.30 appliance and new R80.20 openserver vmware).

My problem I supposed is to export only one HOST (yes, to reach another single host ... I already asked other side to create Network Object on Cisco and not Host Object, but no way.

I really don't know how to fix this problem,
if somebody had same issue and wants to share solution,

Although tomorrow morning I'll open a ticket to Support and I try to fix with them.

I prefer to study solution and to debug, instead of directly ask for support, but this time it seems to be grater than me.




0 Kudos
3 Replies

What is the full path to the user.def.FW1 you are modifying? Since you're using R80.20 to manage R77.30, you need to modify the one in the R77.x Backward Compatibility directory.

This thread may also be helpful in debugging: https😕/

0 Kudos


thanks for your answer,

I'm using two different gateways one full stand-alone R77.30 and another full stand-alone R80.20,

both have same problem. I'm testing solution proposed by another user to change one tunnel per host pair.

I'm modifying correct .user.def files, I followed info found on SK.

0 Kudos

In the properties of the VPN Community object under VPN Tunnel Sharing, select the option "one tunnel per pair of hosts" and reinstall policy.

R80.40 addendum for book "Max Power 2020" now available
for free download at
0 Kudos