This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
dwinurm
Participant
‎2019-03-13 11:02 PM

Chekcpoint appliance 1490 VPN site to site Problem

Hi all, 

anyone can help me, i create tunnel site to site between checkpoint and fortigate

the tunnel is up, but i can't ping from local address to remote address

from remote address to local address can ping

i'm already configure the policy rule and NAT rule.
can anyone help my problem

thank you

0 Kudos
10 Replies
HristoGrigorov
Mentor
Mentor
‎2019-03-14 11:07 PM

You need to include remote network(s) in VPN domain. 

0 Kudos
dwinurm
Participant
‎2019-03-17 12:41 PM
In response to HristoGrigorov

i'm already include the remote network(s)

0 Kudos
HristoGrigorov
Mentor
Mentor
‎2019-03-17 09:16 PM
In response to dwinurm

Is the packet encrypted or not ? You should be able to see that in the log. If it is encrypted then the problem is likely on the Fortigate's side.
0 Kudos
dwinurm
Participant
‎2019-03-18 01:00 AM
In response to HristoGrigorov

the packet no encrypted on log, the packet through firewall blade, not on the vpn blade.

0 Kudos
HristoGrigorov
Mentor
Mentor
‎2019-03-18 11:24 AM
In response to dwinurm

You must have a dedicated access rule and specify that traffic that is matching it shall be encrypted. This is achieved differently according to how is appliance managed - centrally or locally. Check the appropriate guide for that.

0 Kudos
dwinurm
Participant
‎2019-03-18 11:22 PM
In response to HristoGrigorov

my checkpoint 1490 appliance locally managed,

and i have configured access policies and NAT policies like this :

Access Policy rule :Acces policy.jpg

NAT Policy Rule :Access NAT.JPG

any issue with this configuration?

0 Kudos
HristoGrigorov
Mentor
Mentor
‎2019-03-20 08:38 AM
In response to dwinurm

In service column you shall specify services you want to pass through VPN (e.g. ICMP, HTTP, etc). Currently you specify that only IPSec protocol is to be encrypted in the community. And that is not even needed.
0 Kudos
dwinurm
Participant
‎2019-03-20 08:22 PM
In response to HristoGrigorov

i'm change service with any service, but the result are the same

0 Kudos
HristoGrigorov
Mentor
Mentor
‎2019-03-21 09:30 PM
In response to dwinurm

As you are using NAT is it allowed for VPN connection as well? Both sides needs to do that.

0 Kudos
dwinurm
Participant
‎2019-03-25 02:55 AM
In response to HristoGrigorov

what happens when i'm clear the NAT rule?

0 Kudos