ja123
Participant

No response from AWS when pinging from CheckPoint

The client is using CheckPoint R75.x and we have established a site-to-site VPN connection. The VPN on our end was set up using AWS.

We are able to ping from AWS to Checkpoint and receive a response; however, when the client pings from CheckPoint, the packets pass their firewall and into the tunnel, but there is no response from the AWS side.

The routing and rules are all set up correctly.

We are using 1 tunnel and AWS provides an outside and inside IPv4 cidr for the tunnel. The client used the outside cidr but wasn't sure what to do with the inside cidr. Does the inside cidr need to be added somewhere in CheckPoint?

Is there another step or solution we can take to address the above issue in terms of not receiving a response back?


0 Kudos
6 Replies
PhoneBoy
Admin

R75.x has been End of Support for quite a while and your client should upgrade to a supported release.
The appropriate instructions to configure a VPN to AWS are: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

ja123
Participant

hi,

Thank you for the response. Should have mentioned we are using static routing.

0 Kudos
PhoneBoy
Admin

While I believe it is possible to make it work in that manner it is far from optimal as the AWS VPN endpoint expects redundancy using VTIs and dynamic routing.
We do have an SK for configurations without that, but as noted this is not a recommended configuration: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

ja123
Participant

Hi,

Does the inside IPv4 cidr provided by AWS need to be utilised in CheckPoint?

0 Kudos
PhoneBoy
Admin

In this configuration it seems to be: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
However, it refers to a later version than you're running.

0 Kudos
the_rock
Legend

What @PhoneBoy sent you is the best example of how to configure a VPN tunnel with AWS. Disregarding the version, which btw is totally unsupported, did you do any capture on the CP firewall to see why the packet is not being received? Maybe do fw monitor, zdebug, try turning off SecureXL as a test?
