Tsukasa
Participant

Site-to-Site VPN Fail (Checkpoint 1500 series and Fortigate)

Hello everyone.

I am trying to connect a site-to-site VPN between a Checkpoint 1500 series and a Fortigate.

The VPN tunnel seems to be established and connected to the opposite Fortigate.

But it is impossible to ping each other's LAN.

There is no error message in the security log of the Checkpoint.

The tunnel on the Fortigate is up too.

How can I connect to the opposite Fortigate?

0 Kudos
2 Replies
G_W_Albrecht
Legend

Did you read sk108600: VPN Site-to-Site with 3rd party? What about Forti logs? Does the VPN/IKE debug show that all VPN establishing phases are successful? How about a traffic capture?

0 Kudos
Timothy_Hall
Champion

Almost certainly a Phase 2 failure involving the Proxy-ID/subnets negotiation. VPN - Check Point and Fortigate

Have the Fortinet side initiate the interesting traffic to start the tunnel towards the Check Point, then post the Check Point VPN logs that appear. If the Check Point is trying to initiate the tunnel, the resulting logs from that will not be helpful.

"Max Capture: Know Your Packets" Video Series
now available at http://www.maxpowerfirewalls.com