AnsweredAssumed Answered

IPSec VPN Site to Site_Checkpoint send wrong Proxy-ID in proposal phase 2

Question asked by antv5121d677-4594-4a13-9618-a047abac1994 on May 12, 2018
Latest reply on May 23, 2018 by Houssameddine Zeghlache

Hi all, 


I meet the trouble when deploy  VPN Site to site between Checkpoint cluster XL and Cisco ASR. 

In the QM packet 1, Checkpoint sent to Cisco the Proxy-ID with the External IP. 


QM packet 1 

( - (     <---- This is external IP b/t 2 sites

Transport: UDP (IPv4)
PeerIP: ac1e0105
PeerPort: 500
Peer Name: bv-wan-p04

==> Sent to peer


I already have unchecked Disable NAT in VPN Community but still change this behavior. 

Anyone please support to reslove this issues. 

Many thanks