I have an ipsec vpn between a Fortinet firewall (Fortigate 100D version 6.2.10) and a Check Point firewall (version R81.10)
The problem I am having is the following:
In phase 2 the firewalls negotiate subnets 172.17.1.0/24 (Check Point side) and 172.17.2.0/24 (Fortigate side). Phase 2 goes up correctly and when calls are made from the Fortigate the connection is successful.
On the other hand, when the connection is initialized by Check Point even though tunnel 172.17.1.0/24 172.17.2.0/24 has been negotiated, Check Point tries to negotiate a new tunnel with the specific IP of the client that is trying the connection. The tunnel is rejected by Fortigate as it is not the one agreed upon and from the logs I receive the no response from peer error.
Is there a setting on the Check Point to eliminate this problem ?
Thanks