This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
pyiephyohtay
Contributor
‎2023-04-17 09:16 PM

Can't Ping gateway IP of End VPN IP Address

Dear All,

Currently, I'm facing with the Ping and cannot access of another side Public IP address.

I have the IPsec configuration between Checkpoint Quantum 1550 Appliance to Palo alto Firewall 220. For the VPN tunnel and connection is working fine between both side. The problem is under of checkpoint office internet users are cannot ping and connect to another side of public IP address, which is create for using cisco AnyConnect VPN 202.80.78.168:444 for other purpose. These users are need to connect that 202.80.78.168:444 but can't access.

If we use the 1.1.1.1 cloud flare VPN software in users client pc of under checkpoint internet, they can access ping that public ip address and can access AnyConnect VPN with 202.80.78.168:444. without any other issues.

So, how can i solve my issues our client users want to access 202.80.78.168:444 without 1.1.1.1 vpn using.

Please kindly help investigate my issues, many thanks.

 

Best Regards,

Pyie Phyo Htay.

0 Kudos
1 Reply
PhoneBoy
Admin
Admin
‎2023-04-20 01:48 PM

Just to be clear, the IP address you're having trouble with is configured as a VPN peer in the Quantum Spark appliance, correct?
The Check Point gateway expects to send only encrypted traffic to the remote VPN IP address (i.e. it's included in the encryption domain).
If the remote end isn't configured appropriately, the traffic will fail as it is doing.
That's scenario 3 here: https://support.checkpoint.com/results/sk/sk108600

If your SMB is not managed externally with a Smart-1, you can still apply the changes mentioned in this SK in expert mode.
For the change to take effect, however, you will either need to reboot OR execute the command fw_configload and wait a few minutes.

If that doesn't work, you can try and debug the VPN per: https://support.checkpoint.com/results/sk/sk62482 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events