This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
GA
Explorer
‎2022-09-13 04:48 AM

S2S with PPPoE

I welcome colleagues.
Please help with a solution. I am building a vpn tunnel with a remote gateway 1530, which is connected by the same management server.
The WAN external interface works via PPPoE using the provider's login and password, receiving a dynamic address.
In the settings of the smart console, I set up a dynamic address on the WAN interface, in the Link Selection I configure setting resolve by dns name, but the traffic does not enter the tunnel. I renew the vpn certificate by adding alternative names to it, the situation did not help.
By setting a static address, I get the error: Main Mode local machine configured not to respond to unknown IP addresses (i.e. not exportable for SR, and/or not included in the RemoteAccess community, and/or no DAIP's defined).
How should the tunnel be built in this case? What exactly to do in Link Selection?

0 Kudos
5 Replies
G_W_Albrecht
MVP Silver
MVP Silver
‎2022-09-13 05:20 AM

Please provide more details - we know one peer is a 1530 (firmware version ?) with DAIP managed by a CP SMS (version / jumbo take ?), but you give no details of the peer !

Please look into sk117713: "Main Mode local machine configured not to respond to unknown IP addresses" error on local... and sk167473: Dynamically Assigned IP Address (DAIP) Gateway FAQ

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
GA
Explorer
‎2022-09-13 05:25 AM
In response to G_W_Albrecht

Hi Albrecht.
Thanks for your reply.
SMB version 80.20.35, I don't remember the exact build.
Management server 81.10 latest take. I have seen these articles and none of them helped.
I've tried using just the domain name, fqdn, as written there, but that doesn't help. Tunnel traffic is sent to the Internet.

0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2022-09-13 05:32 AM
In response to GA

80.20.35 is rather old, current version is R80.20.50. Still you do not mention the peer ! The SMB GW using DAIP has to start the VPN tunnel - sometimes, NAT-T has to be activated manually. see sk162472.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
GA
Explorer
‎2022-09-13 05:39 AM
In response to G_W_Albrecht

Peer 81.10 last take.
And where does traversal nat come in if both peers are connected directly to the provider?

0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2022-09-13 05:56 AM
In response to GA

It does only come in if the VPN fails ! Better contact TAC to get this resolved quickly...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events