This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
sivareddy2611
Explorer
‎2022-05-25 03:16 PM

need to make vpn

12345.png

 

TASK-1:

Establish the VPN between FW5 PC3 and Site1-FW3 PC1

Verification:

Ping from PC3 to PC1
Ping reply should be come and packet should be encrypted in Smart view Tracker.

 

TASK-2:
Establish the VPN between FW5 PC3 and Site1-FW4 PC2

Verification:

Ping from PC3 to PC2
Ping reply should be come and packet should be encrypted in Smart view Tracker.

 

TASK-3:
Establish the VPN between FW5 PC3 and Site1-FW6 PC4


Verification:

Ping from PC3 to PC4
Ping reply should be come and packet should be encrypted in Smart view Tracker.

 

Note:

i tried as shown below youtube video link but not worked

https://www.youtube.com/watch?v=mYgOztne_Gg&t=13s

please help me someone on this i am trying from last one week

 

Labels
0 Kudos
14 Replies
PhoneBoy
Admin
Admin
‎2022-05-25 05:39 PM

Version/JHF of components in question?
What is the precise configuration on each gateway in terms of the encryption domain?
Are all gateways in the same VPN community?
What precise errors are you seeing in SmartView?

sivareddy2611
Explorer
‎2022-05-25 05:45 PM
In response to PhoneBoy

Version r77 and all gateways are in same vpn community,

Task are mentioned in the question and when i try as shown in the YouTube video link , i am able to ping pc3 to pc1 but i am not getting logs in pc3 and the ping should encrypt with vpn

0 Kudos
Raj9
Explorer
‎2023-10-03 12:28 AM
In response to sivareddy2611

Can you please tell me how will you able to ping pc3 to pc1

0 Kudos
the_rock
Legend
Legend
‎2022-05-25 06:13 PM

You can use vpn admin guide and follow info to set up vpn tunnel. Once up, then if traffic is not going through, more debugs can be done

vpn debug trunc

vpn debug ikeon

vpn debug ikeoff

get $FWDIR.log ike.elg and vpnd files

Andy

0 Kudos
sivareddy2611
Explorer
‎2022-05-25 08:21 PM
In response to the_rock

What does it mean can you explain more clearly?

What about the YouTube video is that correct 

0 Kudos
Raj9
Explorer
‎2023-09-28 12:55 AM
In response to sivareddy2611

Can you complete this task? If you complete then please help me how will you do this

0 Kudos
Tal_Paz-Fridman
Employee
Employee
‎2023-09-28 01:20 AM
In response to Raj9

Please start with the following guide to setup simple Site to Site VPN:

Check Point for Beginners > Network Security 

https://community.checkpoint.com/t5/Check-Point-for-Beginners/Site-to-Site-VPN-in-R80-x-Tutorial-for...

 

Or use Site to Site VPN R81.20 Administration Guide:

https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_SitetoSiteVPN_AdminGuide/Con...

0 Kudos
Raj9
Explorer
‎2023-09-28 11:15 PM
In response to Tal_Paz-Fridman

As outside firewall have same network it will be treated as private network so we have to do natting. But i didn't understand how to do natting.  And after natting the private network will be known by public ip address so in console site which ip address is used to create vpn external gateway and which ip address is used to create other side network for vpn domain 

0 Kudos
PhoneBoy
Admin
Admin
‎2023-10-03 07:52 AM
In response to Raj9

Local encryption domain should always include local addresses (without NAT) of systems that will communicate over VPN tunnels.
Remote encryption domain will include the NAT addresses needed by the local systems to reach the remote systems.

0 Kudos
Raj9
Explorer
‎2023-10-03 11:24 PM
In response to PhoneBoy

Hello sir, 

I understand what you want to say but i didn't understand how to do this so can you please explain more what wiil be the steps to make vpn end to end connectivity by using natting.

0 Kudos
the_rock
Legend
Legend
‎2023-10-04 03:06 AM
In response to Raj9

Its exactly how it works with any firewall vendor when it comes to VPN S2S tunnels...so you put LOCAL addresses as @PhoneBoy said in your CP fw enc. domain and as far as remote, that VPN domain needs to included NAT-ed IPs required to communicate.

Andy

0 Kudos
Lingesh
Explorer
‎2025-03-16 10:12 PM

Sir can u explain how you achieve this and i am beginner i should finish this task can you plz provide some u tube source link or can u explain what to do in each phase and how many server and firewall(two - tier ) should to be installed 

 

0 Kudos
PhoneBoy
Admin
Admin
‎2025-03-17 11:24 AM
In response to Lingesh

Aside from official documentation, we have something in Check Point for Beginners that might be useful: https://community.checkpoint.com/t5/Check-Point-for-Beginners/Site-to-Site-VPN-in-R80-x-Tutorial-for... 

0 Kudos
the_rock
Legend
Legend
‎2025-03-17 11:27 AM
In response to Lingesh

I would say what @PhoneBoy linked is good start. Setting us the tunnel is easy, but if it does not work, then you would need to troubleshoot (run debugs, examine the config, check logs, etc)

Check Point | 3rd Party Site to Site VPN - YouTube

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events