AnsweredAssumed Answered

IPSec VPN Site to Site_Checkpoint send wrong Proxy-ID in proposal phase 2

Question asked by antv5121d677-4594-4a13-9618-a047abac1994 on May 12, 2018
Latest reply on May 17, 2018 by Houssameddine Zeghlache

Hi all, 

 

I meet the trouble when deploy  VPN Site to site between Checkpoint cluster XL and Cisco ASR. 

In the QM packet 1, Checkpoint sent to Cisco the Proxy-ID with the External IP. 

 

QM packet 1 

ID:
(172.30.1.4) - (172.30.1.5)     <---- This is external IP b/t 2 sites

Transport: UDP (IPv4)
PeerIP: ac1e0105
PeerPort: 500
Peer Name: bv-wan-p04

==> Sent to peer 172.30.1.5

 

I already have unchecked Disable NAT in VPN Community but still change this behavior. 

Anyone please support to reslove this issues. 

Many thanks

Outcomes