kristait
Contributor

Help Needed: S2S VPN Configuration Between AWS and SMB Firewall (1800) (Locally managed)

Hello Everyone,

We need assistance regarding the S2S VPN configuration between AWS and the SMB Firewall (1800) Locally managed device.

We followed the documentation provided and configured the VPN. How to configure Site-to-Site VPN between Amazon Web Services and locally managed SMB appliance (che...

The tunnel is up on both sides, but we are still unable to communicate between devices or ping from either end.

SR: 6-0003922338 has been open since 4/22/2024, and we are still waiting for a solution and support from the team.

Please let us know if this device is capable of handling this type of configuration. Any insights or guidance would be greatly appreciated.

Thank you!

 

0 Kudos
9 Replies
_Val_
Admin

If you are still unable to resolve this, please open a TAC request: https://help.checkpoint.com

0 Kudos
PhoneBoy
Admin

What EXACTLY have you configured?
Please provide screenshots of the things mentioned in the SK you linked, redacting sensitive details.
Otherwise, I suggest you do a remote session with TAC, which it appears they tried to do with you previously.

0 Kudos
kristait
Contributor

Hello @PhoneBoy, sure, here is the configuration.

AWS Side Configuration

1. Create a Site-to-Site Connection:

  • Under Static Route, add your local network CIDR.
  • Download the configuration:
    • Vendor: Checkpoint
    • Platform: Gaia
    • Software: R80.10+
    • IKE Version: IKEv2

Checkpoint SMB Configuration

1. Connect to the Firewall via SSH and Create a VPN Tunnel (VTI):

  •  Verify that the VPN tunnel (VTI) is visible under Local Network

VTP.JPG

2. Create a VPN Site:
- Navigate to VPN -> VPN Sites -> New.

Remote Site

T1 Remote Site.JPG

Encryption

Encryption.JPG

Advanced

Advanced.JPG

This is the configuration we have done as per sk111733.

Below is the screenshot where you are able to see the VPN tunnel is up on both sides.

AWS Tunnel1.JPG
CP Tunnel1.JPG


0 Kudos
mccabe
Employee

Can you share an output of the routing table from the Spark?

0 Kudos
kristait
Contributor

Below is the route Table

route.JPG

0 Kudos
mccabe
Employee

Thanks. Now check on the AWS side that there's a corresponding route coming back to the Spark on vpnt1.

0 Kudos
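
The return-path check suggested above can be scripted. This is an added example, not part of the thread or of any Check Point or AWS tooling: it inspects JSON shaped like the output of `aws ec2 describe-vpn-connections` and `aws ec2 describe-route-tables`. It assumes a virtual private gateway attachment with static routing; every ID and CIDR in it is constructed.

```python
import ipaddress

# Constructed sample data shaped like `aws ec2 describe-vpn-connections`
# and `aws ec2 describe-route-tables` output; all IDs and CIDRs are made up.
VPN = {"VpnConnections": [{
    "VpnConnectionId": "vpn-0example", "VpnGatewayId": "vgw-0example",
    "Options": {"StaticRoutesOnly": True},
    "Routes": [{"DestinationCidrBlock": "192.168.10.0/24", "State": "available"}],
    "VgwTelemetry": [{"OutsideIpAddress": "203.0.113.10", "Status": "UP"},
                     {"OutsideIpAddress": "203.0.113.11", "Status": "DOWN"}]}]}
ROUTE_TABLES = {"RouteTables": [{
    "RouteTableId": "rtb-0example",
    "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local",
                "State": "active"}]}]}


def covers(cidr, target):
    """True if route destination `cidr` contains the whole `target` network."""
    return ipaddress.ip_network(target).subnet_of(ipaddress.ip_network(cidr))


def check_return_path(vpn_json, rtb_json, onprem_cidr):
    """Return findings explaining why traffic may not flow over an 'up' tunnel."""
    findings = []
    for vpn in vpn_json["VpnConnections"]:
        vpn_id, vgw = vpn["VpnConnectionId"], vpn.get("VpnGatewayId")
        if not any(t["Status"] == "UP" for t in vpn.get("VgwTelemetry", [])):
            findings.append(f"{vpn_id}: no tunnel is UP")
        # A static-route connection must list the on-prem CIDR on the connection.
        if vpn.get("Options", {}).get("StaticRoutesOnly") and not any(
                r.get("State") == "available"
                and covers(r["DestinationCidrBlock"], onprem_cidr)
                for r in vpn.get("Routes", [])):
            findings.append(f"{vpn_id}: no static route for {onprem_cidr}")
        # Each VPC route table must send the on-prem CIDR to the gateway.
        for rtb in rtb_json["RouteTables"]:
            ok = any(r.get("GatewayId") == vgw and r.get("State") == "active"
                     and "DestinationCidrBlock" in r
                     and covers(r["DestinationCidrBlock"], onprem_cidr)
                     for r in rtb["Routes"])
            if not ok:
                findings.append(
                    f"{rtb['RouteTableId']}: no active route to {onprem_cidr} via {vgw}")
    return findings
```

With the constructed data, one tunnel is UP and the static route exists, yet the VPC route table has no route back to the on-premises network, which matches the "tunnel up, no ping" symptom.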
kristait
Contributor

Hello, does anyone know how long the TAC team takes to resolve an issue? My ticket has been open for the last three months, but they have been unable to resolve it or provide a proper solution.

0 Kudos
PhoneBoy
Admin

Depends on the exact nature of the issue.
If you send me the SR in a PM, I can take a look. 

0 Kudos
PhoneBoy
Admin

Thanks, I've reviewed the SK.

Are you using Policy Based Routing with this configuration?
If so, then this SK might apply: https://support.checkpoint.com/results/sk/sk180433 

0 Kudos
