- Products
- Learn
- Local User Groups
- Partners
- More
Are you a member of CheckMates?
×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Please consider the following diagram:
The Check Point firewall is a VS on a VSX Cluster running R80.20.
The External interface is assigned a private IP address. But public IP addresses 1.1.1.0/24 are routed to this Check Point firewall.
I need to make a VPN tunnel with a Cisco device with IP 2.2.2.2.
Do you guys have any ideas?
We tried so far to add a dummy interface on the VS that leads to nowhere, but with a Public IP 1.1.1.1. There is a negotiation of the tunnel with the Cisco device, but IKE Phase 1 doesn't go through.
On the Cisco side, we have error messages like:
%CRYPTO-6-IKMP_NOT_ENCRYPTED: IKE packet from 1.1.1.1 was not encrypted and it should've been.
ISAKMP: (1075):retransmitting phase 1 MM_KEY_EXCH...
On Check Point's side we have:
Main Mode Sent Notification to Peer: authentication failed
With a public IP address on the external interface, there is no problem.
| User | Count |
|---|---|
| 39 | |
| 19 | |
| 13 | |
| 12 | |
| 11 | |
| 10 | |
| 7 | |
| 7 | |
| 7 | |
| 7 |
Tue 28 Apr 2026 @ 06:00 PM (IDT)
Under the Hood: Securing your GenAI-enabled Web Applications with Check Point WAFThu 30 Apr 2026 @ 03:00 PM (PDT)
Hillsboro, OR: Securing The AI Transformation and Exposure ManagementTue 28 Apr 2026 @ 06:00 PM (IDT)
Under the Hood: Securing your GenAI-enabled Web Applications with Check Point WAFTue 12 May 2026 @ 10:00 AM (CEST)
The Cloud Architects Series: Check Point Cloud Firewall delivered as a serviceThu 30 Apr 2026 @ 03:00 PM (PDT)
Hillsboro, OR: Securing The AI Transformation and Exposure Management
