
How do I change the local id for an IKEv2 IPsec VPN?

Question asked by Mathias Weidner on Dec 11, 2018
Latest reply on Dec 14, 2018 by Dameon Welch-Abernathy



I'm using a Checkpoint VSX with R77.30, configuring it via SmartConsole.


There I have set up an IPsec VPN with IKEv2 to a Cisco device.

The peer is telling me that he gets an odd remote-id for this VPN, so I investigated this using `vpn debug trunc` and looked into $FWDIR/log/ikev2.xmll afterwards. There I found the following:


```
less $FWDIR/log/ikev2.xmll

<Exchange serial="71386" Peer="ipsec-peer" Dir="Outbound" Type="Authentication">
<Message Valid="Yes" Initiator="Yes" Response="No" higherVer="No">
<Payload Type="IDi" Next="Auth" Length="12" Critical="No">
```

The remote-id that the peer mentioned is my local-id (IDi) in the debug file (9.a.b.c). This is the address of the management interface of the Checkpoint.


What I want to configure instead of 9.a.b.c is the address of the outgoing interface ( I have looked up the VPN Administration Guide for R77 Versions but didn't find an answer.


Can anyone help me?
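
Added example, not part of the original post and not Check Point code: a decoder for the IKEv2 Identification payload (RFC 7296, section 3.5), useful for checking which identity a gateway actually puts in IDi. It shows that a 12-byte payload followed by Auth, as in the debug excerpt, is what an ID_IPV4_ADDR identity produces. It assumes the `Length` attribute in the debug file is the RFC payload length field; the sample bytes and the address 192.0.2.10 are constructed.

```python
import ipaddress
import struct

# ID types defined in RFC 7296, section 3.5
ID_TYPES = {1: "ID_IPV4_ADDR", 2: "ID_FQDN", 3: "ID_RFC822_ADDR",
            5: "ID_IPV6_ADDR", 9: "ID_DER_ASN1_DN", 10: "ID_DER_ASN1_GN",
            11: "ID_KEY_ID"}
PAYLOAD_AUTH = 39  # "Next payload" value for the Authentication payload


def parse_id_payload(buf: bytes) -> dict:
    """Decode one IDi/IDr payload, generic payload header included."""
    if len(buf) < 8:
        raise ValueError("ID payload needs at least 8 bytes")
    # Generic header: next payload (1), critical bit + reserved (1), length (2)
    next_payload, flags, length = struct.unpack("!BBH", buf[:4])
    if length < 8 or length > len(buf):
        raise ValueError(f"bad payload length {length}")
    id_type = buf[4]       # bytes 5..7 are reserved
    data = buf[8:length]   # identification data
    if id_type == 1:
        value = str(ipaddress.IPv4Address(data))   # must be exactly 4 bytes
    elif id_type == 5:
        value = str(ipaddress.IPv6Address(data))   # must be exactly 16 bytes
    elif id_type in (2, 3):
        value = data.decode("ascii", errors="replace")
    else:
        value = data.hex()
    return {"next_payload": next_payload,
            "critical": bool(flags & 0x80),
            "length": length,
            "id_type": ID_TYPES.get(id_type, f"unknown({id_type})"),
            "value": value}


# Constructed sample: Next=Auth, Critical=No, Length=12, IPv4 identity.
SAMPLE_IDI = (bytes([PAYLOAD_AUTH, 0x00, 0x00, 0x0C, 0x01, 0x00, 0x00, 0x00])
              + ipaddress.IPv4Address("192.0.2.10").packed)

# Constructed sample: the same header layout carrying an FQDN identity.
_FQDN = b"gw.example.net"
SAMPLE_FQDN = (struct.pack("!BBH", PAYLOAD_AUTH, 0, 8 + len(_FQDN))
               + bytes([0x02, 0, 0, 0]) + _FQDN)

if __name__ == "__main__":
    print(parse_id_payload(SAMPLE_IDI))
    print(parse_id_payload(SAMPLE_FQDN))
```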