No response from AWS when pinging from CheckPoint
The client is using CheckPoint R75.x and we have established a site-to-site VPN connection. The VPN on our end was set up using AWS.
We are able to ping from AWS to Checkpoint and receive a response; however, when the client pings from CheckPoint, the packets pass their firewall and go into the tunnel, but there is no response from the AWS side.
The routing and rules are all set up correctly.
We are using 1 tunnel and AWS provides an outside and inside IPv4 CIDR for the tunnel. The client used the outside CIDR but wasn't sure what to do with the inside CIDR. Does the inside CIDR need to be added somewhere in CheckPoint?
Is there another step or solution we can take to address the above issue in terms of not receiving a response back?
R75.x has been End of Support for quite a while and your client should upgrade to a supported release.
The appropriate instructions to configure a VPN to AWS are: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
Hi,
Thank you for the response. Should have mentioned we are using static routing.
While I believe it is possible to make it work in that manner it is far from optimal as the AWS VPN endpoint expects redundancy using VTIs and dynamic routing.
We do have an SK for configurations without that, but as noted this is not a recommended configuration: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
Hi,
Does the inside IPv4 CIDR provided by AWS need to be utilised in CheckPoint?
In this configuration it seems to be: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
However, it refers to a later version than you're running.
What @PhoneBoy sent you is the best example of how to configure a VPN tunnel with AWS. Disregarding the version, which btw is totally unsupported, did you do any capture on the CP firewall to see why the packet is not being received? Maybe do fw monitor, zdebug, or try turning off SecureXL as a test?
