Iron

Checkpoint appliance 1490 VPN site to site Problem

Hi all, 

Can anyone help me? I created a site-to-site tunnel between Checkpoint and Fortigate.

The tunnel is up, but I can't ping from the local address to the remote address.

From the remote address to the local address, I can ping.

I have already configured the policy rule and NAT rule.
Can anyone help with my problem?

Thank you.

0 Kudos
10 Replies
Platinum

Re: Checkpoint appliance 1490 VPN site to site Problem

You need to include the remote network(s) in the VPN domain.

0 Kudos
Iron

Re: Checkpoint appliance 1490 VPN site to site Problem

I have already included the remote network(s).

0 Kudos
Platinum

Re: Checkpoint appliance 1490 VPN site to site Problem

Is the packet encrypted or not? You should be able to see that in the log. If it is encrypted, then the problem is likely on the Fortigate's side.
0 Kudos
Iron

Re: Checkpoint appliance 1490 VPN site to site Problem

The packet is not encrypted in the log; the packet goes through the firewall blade, not the VPN blade.

0 Kudos
Platinum

Re: Checkpoint appliance 1490 VPN site to site Problem

You must have a dedicated access rule and specify that traffic matching it shall be encrypted. This is achieved differently according to how the appliance is managed - centrally or locally. Check the appropriate guide for that.

0 Kudos
Iron

Re: Checkpoint appliance 1490 VPN site to site Problem

My Checkpoint 1490 appliance is locally managed,

and I have configured access policies and NAT policies like this:

Access Policy rule: [image: Acces policy.jpg]

NAT Policy rule: [image: Access NAT.JPG]

Any issue with this configuration?

0 Kudos
Platinum

Re: Checkpoint appliance 1490 VPN site to site Problem

In the Service column you shall specify the services you want to pass through the VPN (e.g. ICMP, HTTP, etc.). Currently you specify that only the IPSec protocol is to be encrypted in the community. And that is not even needed.
0 Kudos
Iron

Re: Checkpoint appliance 1490 VPN site to site Problem

I changed the service to any service, but the results are the same.

0 Kudos
Platinum

Re: Checkpoint appliance 1490 VPN site to site Problem

As you are using NAT, is it allowed for the VPN connection as well? Both sides need to do that.

0 Kudos
Iron

Re: Checkpoint appliance 1490 VPN site to site Problem

What happens when I clear the NAT rule?

0 Kudos