
S2S-IPSEC-Tunnel not coming up without public DNS server configured - why?

Question asked by Julius Kaiser on Oct 16, 2017
Latest reply on Oct 17, 2017 by Julius Kaiser

Hello Folks,

 

I have an IPSEC tunnel configured on the given platform (see below). The tunnel peer is defined by IP address, not hostname. Tunnel config is default, Check Point as remote gateway (same platform, firmware etc), perfect forward secrecy with DH Group 2, no NAT.

 

My problem is: The tunnel won't come up without a publicly reachable DNS server configured as the primary DNS server under Device/ DNS/ "Configured DNS Servers".

 

Does anyone know this kind of behaviour and can provide an explanation, or is this a bug?

 

Thanks in advance.

 

Appliance: Check Point 1430 Appliance (gro-aue-fw01)
Security Management: Locally managed
Version (Firmware): R77.20.40 (990171107)
