
CheckPoint VPN with PaloAlto not working about invalid proxy id

Question asked by Worapong Janloy on Sep 26, 2018
Latest reply on Sep 26, 2018 by Matthias Haas

Client(192.168.100.100) ----[CheckPoint](192.168.121.100)----(192.168.121.200)[PaloAlto]----Client(192.168.200.100)

 

On CheckPoint Side
VPN Domain : 192.168.100.0/24
Interoperable Device VPN Domain : 192.168.200.0/24
VPN Tunnel Share : already configured both per subnet and per gateway, but with the same result.
user.def.FW1 :
subnet_for_range_and_peer = {
<192.168.121.200, 192.168.100.1, 192.168.100.254; 255.255.255.0>
};

 

On PaloAlto Side
Proxy ID : Local : 192.168.200.0/24 and Remote : 192.168.100.0/24

 

Error message from Palo: description contains 'IKE phase-2 negotiation failed when processing proxy ID. cannot find matching phase-2 tunnel for received proxy ID. received local id: 192.168.121.200/32 type IPv4_address protocol 0 port 0, received remote id: 192.168.100.0/24 type IPv4_subnet protocol 0 port 0.'

 

 

The result: the client on the PaloAlto side can access the client on the CheckPoint side, but the client on the CheckPoint side can't access the client on the Palo side.
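Added example, not part of the original post: a small Python diagnostic that parses the error text quoted above and compares each received ID with the Proxy ID configured on the PaloAlto side. The function names are hypothetical, and the comparison is an illustration of reading the log, not Palo Alto's own matching code.

```python
import ipaddress
import re

# Error text as quoted in the post (Palo Alto system log description).
LOG = ("IKE phase-2 negotiation failed when processing proxy ID. cannot find "
       "matching phase-2 tunnel for received proxy ID. received local id: "
       "192.168.121.200/32 type IPv4_address protocol 0 port 0, received remote id: "
       "192.168.100.0/24 type IPv4_subnet protocol 0 port 0.")

# Proxy ID configured on the PaloAlto side, as given in the post.
CONFIGURED = {"local": "192.168.200.0/24", "remote": "192.168.100.0/24"}

ID_RE = re.compile(
    r"received (local|remote) id: (\S+) type (\S+) protocol (\d+) port (\d+)")


def parse_received(log):
    """Return {'local': network, 'remote': network} parsed from the error text."""
    return {side: ipaddress.ip_network(cidr, strict=False)
            for side, cidr, _type, _proto, _port in ID_RE.findall(log)}


def relation(received, configured):
    """Describe how a received ID relates to the configured Proxy ID entry."""
    if received == configured:
        return "match"
    if received.subnet_of(configured):
        return "narrower than configured"
    if configured.subnet_of(received):
        return "wider than configured"
    return "outside configured range"


def compare(log, configured):
    """Map each side to (received CIDR, relation to the configured CIDR)."""
    received = parse_received(log)
    return {side: (str(received[side]),
                   relation(received[side], ipaddress.ip_network(cfg)))
            for side, cfg in configured.items()}


if __name__ == "__main__":
    for side, (recv, rel) in compare(LOG, CONFIGURED).items():
        print(f"{side:6} received {recv:20} "
              f"configured {CONFIGURED[side]:18} -> {rel}")
```

Run against the values in the post, the remote ID equals the configured 192.168.100.0/24, while the received local ID 192.168.121.200/32 lies outside the configured 192.168.200.0/24.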
