dwinurm
Participant

Checkpoint appliance 1490 VPN site to site Problem

Hi all, 

Can anyone help me? I created a site-to-site tunnel between Checkpoint and Fortigate.

The tunnel is up, but I can't ping from the local address to the remote address.

From the remote address to the local address I can ping.

I have already configured the policy rule and NAT rule.
Can anyone help with my problem?

Thank you

0 Kudos
10 Replies

You need to include remote network(s) in VPN domain. 

0 Kudos
dwinurm
Participant

I have already included the remote network(s).

0 Kudos

Is the packet encrypted or not ? You should be able to see that in the log. If it is encrypted then the problem is likely on the Fortigate's side.
0 Kudos
dwinurm
Participant

The packet is not encrypted in the log; the packet goes through the firewall blade, not the VPN blade.

0 Kudos

You must have a dedicated access rule and specify that traffic that is matching it shall be encrypted. This is achieved differently according to how the appliance is managed - centrally or locally. Check the appropriate guide for that.

0 Kudos
dwinurm
Participant

My Checkpoint 1490 appliance is locally managed,

and I have configured access policies and NAT policies like this:

Access Policy rule :Acces policy.jpg

NAT Policy Rule :Access NAT.JPG

Any issue with this configuration?

0 Kudos

In the service column you shall specify the services you want to pass through the VPN (e.g. ICMP, HTTP, etc). Currently you specify that only the IPSec protocol is to be encrypted in the community. And that is not even needed.
0 Kudos
dwinurm
Participant

I changed the service to any service, but the result is the same.

0 Kudos

As you are using NAT, is it allowed for the VPN connection as well? Both sides need to do that.

0 Kudos
dwinurm
Participant

What happens when I clear the NAT rule?

0 Kudos