Hi,
I have built a site-to-site VPN tunnel between Check Point VSX and an AWS VPN gateway; this is a route-based VPN tunnel.
At a high level, these are the steps I followed:
1- Created a virtual tunnel interface (VTI) using this command:
vsx_provisioning_tool -o add interface vd vs1 vpn_tunnel numbered peer AWS_Peer local y.y.y.y remote x.x.x.x tunnel_id 10
2- Added a static route for the AWS VPC CIDR with gateway z.z.z.z
3- Created a Mesh Community in the Check Point firewall with "Blank Domain Encryption"
4- Then created an ACL in the firewall with the VPN domain in the rule.
After completing these steps, I asked the remote end party at the AWS side to initiate the traffic; then:
1- Both sides can be seen UP.
2- But traffic is getting blocked on the firewall with no reason for the block.
Then one thing that I noticed is: firewall traffic is coming in via the VTI interface, while tunnel traffic is on the normal outbound interface of the firewall.
Any advice on how I can fix this issue?
Also, is there any step-by-step guide for building such a route-based VPN tunnel with AWS?
Your support is much appreciated!
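The symptom above (traffic arriving on the VTI but leaving on the physical outbound interface) is the kind of asymmetric path a firewall drops. The following is an added example, not code from the poster or from Check Point, that shows how to verify the static route for the VPC CIDR really resolves to the VTI's remote (peer) address rather than to the physical gateway. It parses a numbered VTI definition in the vsx_provisioning_tool form quoted above, performs a longest-prefix lookup on a constructed routing table, and reports which path a VPC-bound packet would take. All addresses (169.254.10.1/2 for the tunnel, 10.20.0.0/16 for the VPC, 203.0.113.1 for the physical next hop) and the plain "destination next_hop" route format are constructed placeholders, not the poster's values and not a Check Point command syntax.

```python
"""Check that a route-based VPN's static route steers VPC traffic into the VTI.

Added example: the VTI line follows the vsx_provisioning_tool form quoted in the
post, but every address and tunnel_id below is a constructed placeholder.
"""
import ipaddress
import re

# Constructed numbered VTI definition (placeholder addresses, not the poster's).
VTI_DEFINITION = (
    "add interface vd vs1 vpn_tunnel numbered peer AWS_Peer "
    "local 169.254.10.1 remote 169.254.10.2 tunnel_id 10"
)

# Constructed routing tables as "destination next_hop" lines (a generic text
# format for this example, not a Check Point command). 10.20.0.0/16 stands in
# for the AWS VPC CIDR; 203.0.113.1 is the gateway on the physical interface.
ROUTES_VIA_VTI = """\
0.0.0.0/0 203.0.113.1
10.20.0.0/16 169.254.10.2
"""

ROUTES_VIA_PHYSICAL = """\
0.0.0.0/0 203.0.113.1
10.20.0.0/16 203.0.113.1
"""


def parse_vti(line):
    """Extract peer name, local/remote tunnel addresses and tunnel_id from a VTI line."""
    m = re.search(r"peer (\S+) local (\S+) remote (\S+) tunnel_id (\d+)", line)
    if not m:
        raise ValueError("not a numbered VTI definition")
    return {
        "peer": m.group(1),
        "local": ipaddress.ip_address(m.group(2)),
        "remote": ipaddress.ip_address(m.group(3)),
        "tunnel_id": int(m.group(4)),
    }


def parse_routes(text):
    """Turn 'destination next_hop' lines into (network, next_hop) tuples."""
    routes = []
    for line in text.splitlines():
        if not line.strip():
            continue
        dest, next_hop = line.split()
        routes.append((ipaddress.ip_network(dest), ipaddress.ip_address(next_hop)))
    return routes


def lookup(routes, dst):
    """Longest-prefix match for dst; returns the next hop or None if unroutable."""
    dst = ipaddress.ip_address(dst)
    best = None
    for net, next_hop in routes:
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best[1] if best else None


def egress_path(vti, routes, dst):
    """'vti' when the next hop is the tunnel's remote address, else 'physical'."""
    next_hop = lookup(routes, dst)
    if next_hop is None:
        return "unroutable"
    return "vti" if next_hop == vti["remote"] else "physical"


def check_vpn_route(vti, routes, vpc_cidr):
    """Return (ok, message); ok is True only when VPC-bound traffic enters the tunnel."""
    sample = next(ipaddress.ip_network(vpc_cidr).hosts())  # first host in the CIDR
    path = egress_path(vti, routes, sample)
    if path == "vti":
        return True, (f"{vpc_cidr} -> VTI tunnel_id {vti['tunnel_id']} "
                      f"(next hop {vti['remote']})")
    return False, (f"{vpc_cidr} leaves via the {path} path (next hop "
                   f"{lookup(routes, sample)}); expected next hop {vti['remote']} "
                   f"so replies to traffic arriving on the VTI are not routed "
                   f"around the tunnel")


if __name__ == "__main__":
    vti = parse_vti(VTI_DEFINITION)
    for name, table in (("route via VTI", ROUTES_VIA_VTI),
                        ("route via physical gateway", ROUTES_VIA_PHYSICAL)):
        ok, msg = check_vpn_route(vti, parse_routes(table), "10.20.0.0/16")
        print(f"[{'OK' if ok else 'ASYMMETRIC'}] {name}: {msg}")
```

Run it as-is to see one passing and one failing table; to apply it to a real VSX, replace the constructed route text with the virtual system's actual routing table and the VTI line with the one used in the provisioning command, keeping the same "next hop must be the VTI remote address" rule.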