Sarm_Chanatip
Collaborator

IPsec S2S VPN between Check Point ( on premise ) and Huawei Cloud

Hi Experts!


We are encountering a problem setting up an IPsec Site-to-Site VPN between a Check Point Cluster and Huawei Public Cloud. The tunnel is up, but the internal clients on both sides are not able to communicate with each other.
I found dropped packets in the logs with a message description that said "Encryption Failure: according to the policy the packet should not have been decrypted"

2019-04-18_192534.jpg




Here are the VPN settings on Check Point and Huawei Cloud


Check Point IPsec VPN configuration
2019-04-18_190227.jpg

2019-04-18_190157.jpg


2019-04-18_185829.jpg

2019-04-18_190332.jpg

2019-04-18_190416.jpg

2019-04-18_190447.jpg

2019-04-18_190515.jpg



Huawei Cloud IPsec VPN configuration

2019-04-18_190711.jpg



Remark: the Transfer Protocol option does not exist on the Check Point side.



For the VPN rule, we have configured it as below.

2019-04-18_191644.jpg



Does anyone here have experience with this?

Really appreciate every comment.



Regards,

Sarm

 

0 Kudos
2 Replies
PhoneBoy
Admin

The error message generally means one side or another is not configured correctly.
More specifically, the configuration is related to what network(s) and subnets are reachable behind the VPN peers.
This must match on both ends, otherwise you will see errors like this.
0 Kudos
Sarm_Chanatip
Collaborator

Hi Admin,

 

Thank you for the comment.

 

The tunnel is up now, but I've got a new problem: the host from HW Cloud cannot ping some of the subnets, in this case from 10.3.1.97 <> 10.10.2.3, for example. Look at the red arrow.

We tried the traceroute command and found the packet was stuck at Check Point, but I'm not sure which configuration steps I'm missing.

 

tvd-site-2-site-diagram.jpg

 

Please kindly advise.

 

Regards,

Sarm

0 Kudos
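Added example, not part of any post in this thread: a small Python check for the condition PhoneBoy describes, that the networks each peer declares as local must match what the other peer declares as remote. The subnet lists and function names are constructed for illustration (they are not read from the screenshots); only the two host addresses come from the thread.

```python
import ipaddress

# Constructed sample data (assumption): subnet lists as each peer might have them configured.
CHECKPOINT = {"local": ["10.10.1.0/24", "10.10.2.0/24"], "remote": ["10.3.1.0/24"]}
HUAWEI = {"local": ["10.3.1.0/24"], "remote": ["10.10.1.0/24"]}  # 10.10.2.0/24 not listed


def _nets(cidrs):
    """Parse CIDR strings into a set of network objects."""
    return {ipaddress.ip_network(c) for c in cidrs}


def selector_mismatches(side_a, side_b):
    """Compare A.local with B.remote and A.remote with B.local.

    Returns (comparison, network, problem) tuples. "mask differs" means the
    network overlaps an entry on the other side without being equal to it.
    """
    findings = []
    for a_key, b_key in (("local", "remote"), ("remote", "local")):
        a, b = _nets(side_a[a_key]), _nets(side_b[b_key])
        label = f"A.{a_key} vs B.{b_key}"
        unmatched = [(n, b, "B") for n in a - b] + [(n, a, "A") for n in b - a]
        for net, other, absent_on in sorted(unmatched, key=lambda t: str(t[0])):
            partial = any(net.overlaps(o) for o in other)
            problem = "mask differs" if partial else f"missing on {absent_on}"
            findings.append((label, str(net), problem))
    return findings


def flow_in_domain(side, local_ip, remote_ip):
    """True if this peer's configuration treats local_ip -> remote_ip as VPN traffic."""
    src, dst = ipaddress.ip_address(local_ip), ipaddress.ip_address(remote_ip)
    return (any(src in n for n in _nets(side["local"]))
            and any(dst in n for n in _nets(side["remote"])))


if __name__ == "__main__":
    for finding in selector_mismatches(CHECKPOINT, HUAWEI):
        print(finding)
    # Host addresses from the thread, evaluated from each peer's point of view.
    print("Check Point:", flow_in_domain(CHECKPOINT, "10.10.2.3", "10.3.1.97"))
    print("Huawei:     ", flow_in_domain(HUAWEI, "10.3.1.97", "10.10.2.3"))
```

With the constructed lists, the flow is inside the VPN domain on one peer and outside it on the other, which is the asymmetric state a mismatch produces.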
