dede79
Contributor

VPN AWS - rules not matching

Hello,

I created a VPN from an on-prem FW cluster to an AWS gateway exactly as described in sk100726.

The VPN is up and I see tunnel test packets, but the traffic does not match the outgoing rule with the directional match; it runs to cleanup and is dropped. Selecting VPN "Any" leads to an "accept" but not to encrypt.

The customer already has another working VPN to AWS; I actually have no idea where to debug the rule match.

the_rock
Legend

Can you send the screenshot of the rule itself? 

Andy

dede79
Contributor

2024-06-19_08-05-49.jpg

the_rock
Legend

That's why it fails. Check out my post below on what the rule should look like; it's in the attached doc.

Andy


https://community.checkpoint.com/t5/Security-Gateways/Route-based-VPN-tunnel-to-Azure/m-p/206179/emc...

the_rock
Legend

And if you hate reading the doc (which I would not blame you for lol), then make sure the VPN column is as below, 3 entries:

internal_clear - vpn community

vpn community - internal_clear

vpn community - vpn community

Push policy, test.

Andy

dede79
Contributor

Hi - your doc helped (the peer name in the tunnel interface was the same as the interop device, but with one capital letter different), but this should have nothing to do with the rule I posted... I had all 3 relevant rules.

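The two failure modes in this thread (a rule whose VPN column lacks one of the three directional entries, and a VTI peer name that differs from the interoperable device name only by letter case) are easy to miss by eye. The following is an added example, not code from the thread or from Check Point: a small offline checker that runs over constructed sample data. The object name `internal_clear` and the community name `AWS_Community` follow the entries Andy lists; the peer and device names, and the list-of-pairs representation of the VPN column, are assumptions made for the example.

```python
"""Added example (not from the thread or from Check Point): two sanity checks
for the misconfigurations discussed above, run over constructed sample data."""
from dataclasses import dataclass


@dataclass(frozen=True, order=True)
class DirectionalEntry:
    """One directional-match entry in a rule's VPN column: source -> destination."""
    src: str
    dst: str


# The three directional entries Andy lists for the route-based VPN rule.
# "<community>" is substituted with the real community name at check time.
REQUIRED_VPN_ENTRIES = (
    DirectionalEntry("internal_clear", "<community>"),
    DirectionalEntry("<community>", "internal_clear"),
    DirectionalEntry("<community>", "<community>"),
)


def missing_directional_entries(rule_vpn_column, community):
    """Return the directional entries a rule's VPN column is missing.

    rule_vpn_column: list of (src, dst) tuples as shown in the VPN column.
    A column set to ("Any", "Any") has no directional entries, so all three
    come back as missing (the thread's "accept but not encrypt" case).
    """
    required = {
        DirectionalEntry(e.src.replace("<community>", community),
                         e.dst.replace("<community>", community))
        for e in REQUIRED_VPN_ENTRIES
    }
    present = {DirectionalEntry(src, dst) for src, dst in rule_vpn_column}
    return sorted(required - present)


def peer_name_mismatches(vti_peers, interop_devices):
    """Report VTI peer names that do not exactly match an interoperable device.

    As the thread reports, a peer name that differs from the device name only
    by letter case is enough to break the tunnel, so a case-only difference is
    flagged separately from a peer with no matching device at all.
    Returns a list of (peer, matching_device_or_None, reason).
    """
    exact = set(interop_devices)
    by_lower = {d.lower(): d for d in interop_devices}
    problems = []
    for peer in vti_peers:
        if peer in exact:
            continue
        near = by_lower.get(peer.lower())
        if near is not None:
            problems.append((peer, near, "case mismatch"))
        else:
            problems.append((peer, None, "no such interoperable device"))
    return problems


# Constructed sample data (assumed names, not taken from the thread).
SAMPLE_COMMUNITY = "AWS_Community"
SAMPLE_RULE_VPN = [("internal_clear", "AWS_Community"),
                   ("AWS_Community", "AWS_Community")]   # second entry missing
SAMPLE_VTI_PEERS = ["aws_gw1", "AWS_gw2"]               # first one is lowercase
SAMPLE_INTEROP = ["AWS_gw1", "AWS_gw2"]


if __name__ == "__main__":
    for e in missing_directional_entries(SAMPLE_RULE_VPN, SAMPLE_COMMUNITY):
        print(f"VPN column missing: {e.src} -> {e.dst}")
    for peer, dev, why in peer_name_mismatches(SAMPLE_VTI_PEERS, SAMPLE_INTEROP):
        print(f"VTI peer {peer!r}: {why}" + (f" (device is {dev!r})" if dev else ""))
```

Feed it the VPN column pairs and the VTI/interoperable device names as they appear in SmartConsole; an empty result from both functions means the two things this thread tripped over are not the problem, and the search can move on to the policy push and tunnel test.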
the_rock
Legend

That's why I put my other reply, since I know most of us hate reading documentation, though my doc was short lol. Anyway, if you read it carefully, you would have seen I had in there EXACTLY what I posted after 🙂

Glad it's working!

Andy
