- Products
- Learn
- Local User Groups
- Partners
- More
Are you a member of CheckMates?
×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
I have built a IPSEC tunnel between PA and CP. When i initiate traffic from PC sitting behind CP, phase 1 comes up on both FW. But phase 2 fails, i tried every possible modification in phase 2 settings(same on both end), changed intresting traffic (subnet) coming to CP as well. But i couldn't succeed.
CA has10.168.1.0/24
PA has 200.1.1.0/24
Below logs i captured.
PHASE1:
PHASE2:
TCPDUMP
I reset the tunnel and initiated traffic from PA and i am able to ping. If there was config mismatch i shouldn't be able to reach from PA as well.
Router#ping 10.168.1.1 rep 100
Type escape sequence to abort.
Sending 100, 100-byte ICMP Echos to 10.168.1.1, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (100/100), round-trip min/avg/max = 24/31/44 ms
Thanks
| User | Count |
|---|---|
| 19 | |
| 17 | |
| 13 | |
| 8 | |
| 7 | |
| 3 | |
| 3 | |
| 3 | |
| 3 | |
| 3 |
Tue 16 Dec 2025 @ 05:00 PM (CET)
Under the Hood: CloudGuard Network Security for Oracle Cloud - Config and Autoscaling!Thu 18 Dec 2025 @ 10:00 AM (CET)
Cloud Architect Series - Building a Hybrid Mesh Security Strategy across cloudsTue 16 Dec 2025 @ 05:00 PM (CET)
Under the Hood: CloudGuard Network Security for Oracle Cloud - Config and Autoscaling!Thu 18 Dec 2025 @ 10:00 AM (CET)
Cloud Architect Series - Building a Hybrid Mesh Security Strategy across clouds