sivareddy2611
Explorer

need to make vpn

12345.png

 

TASK-1:

Establish the VPN between FW5 PC3 and Site1-FW3 PC1

Verification:

Ping from PC3 to PC1
Ping reply should come and the packet should be encrypted in SmartView Tracker.

 

TASK-2:
Establish the VPN between FW5 PC3 and Site1-FW4 PC2

Verification:

Ping from PC3 to PC2
Ping reply should come and the packet should be encrypted in SmartView Tracker.

 

TASK-3:
Establish the VPN between FW5 PC3 and Site1-FW6 PC4


Verification:

Ping from PC3 to PC4
Ping reply should come and the packet should be encrypted in SmartView Tracker.

 

Note:

I tried as shown in the YouTube video link below, but it did not work.

https://www.youtube.com/watch?v=mYgOztne_Gg&t=13s

Please, someone help me with this. I have been trying for the last week.

 

0 Kudos
11 Replies
PhoneBoy
Admin

Version/JHF of components in question?
What is the precise configuration on each gateway in terms of the encryption domain?
Are all gateways in the same VPN community?
What precise errors are you seeing in SmartView?

sivareddy2611
Explorer

Version R77, and all gateways are in the same VPN community.

The tasks are mentioned in the question. When I try as shown in the YouTube video link, I am able to ping PC3 to PC1, but I am not getting logs in PC3, and the ping should be encrypted with the VPN.

0 Kudos
Raj9
Explorer

Can you please tell me how you are able to ping PC3 to PC1?

0 Kudos
the_rock
Legend

You can use the VPN admin guide and follow the info to set up the VPN tunnel. Once it is up, if traffic is not going through, more debugs can be done:

vpn debug trunc

vpn debug ikeon

vpn debug ikeoff

get $FWDIR.log ike.elg and vpnd files

Andy

0 Kudos
sivareddy2611
Explorer

What does it mean? Can you explain more clearly?

What about the YouTube video, is that correct?

0 Kudos
Raj9
Explorer

Can you complete this task? If you complete it, then please tell me how you do it.

0 Kudos
Tal_Paz-Fridman
Employee

Please start with the following guide to set up a simple Site to Site VPN:

Check Point for Beginners > Network Security 

https://community.checkpoint.com/t5/Check-Point-for-Beginners/Site-to-Site-VPN-in-R80-x-Tutorial-for...

 

Or use Site to Site VPN R81.20 Administration Guide:

https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_SitetoSiteVPN_AdminGuide/Con...

0 Kudos
Raj9
Explorer

As the outside firewalls have the same network, it will be treated as a private network, so we have to do NATting. But I didn't understand how to do NATting. And after NATting, the private network will be known by a public IP address, so in console site which IP address is used to create the VPN external gateway, and which IP address is used to create the other side's network for the VPN domain?

0 Kudos
PhoneBoy
Admin

Local encryption domain should always include local addresses (without NAT) of systems that will communicate over VPN tunnels.
Remote encryption domain will include the NAT addresses needed by the local systems to reach the remote systems.

0 Kudos
Raj9
Explorer

Hello sir,

I understand what you want to say, but I didn't understand how to do this, so can you please explain more about what the steps will be to make VPN end-to-end connectivity by using NATting?

0 Kudos
the_rock
Legend

It's exactly how it works with any firewall vendor when it comes to VPN S2S tunnels... so you put LOCAL addresses, as @PhoneBoy said, in your CP fw enc. domain, and as far as remote, that VPN domain needs to include the NAT-ed IPs required to communicate.

Andy

0 Kudos
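
Added example, not part of the thread and not Check Point code: a simplified Python model of the encryption-domain rule stated in the replies above (local domain holds real local addresses, remote domain holds the NAT addresses used to reach the peer), showing which pings would be selected for a tunnel. All IP ranges and the names `in_domain`, `tunnel_for` and `demo` are constructed for illustration; the thread gives no addressing.

```python
from ipaddress import ip_address, ip_network

def in_domain(addr, domain):
    """True if addr falls inside any network of an encryption domain."""
    return any(ip_address(addr) in ip_network(net) for net in domain)

def tunnel_for(src, dst, local_domain, peers):
    """Return the peer whose tunnel would carry src -> dst, or None.

    Simplified model (assumption): traffic is selected for encryption only
    when the source is in the local encryption domain and the destination
    is in a peer's (remote) encryption domain.
    """
    if not in_domain(src, local_domain):
        return None
    for peer, remote_domain in peers.items():
        if in_domain(dst, remote_domain):
            return peer
    return None

# Constructed addressing: every site uses the same private range internally,
# so each remote site is reached through its own NAT range.
PC3 = "192.168.1.30"
FW5_LOCAL = ["192.168.1.0/24"]          # real (un-NATed) addresses behind FW5
FW5_PEERS = {
    "Site1-FW3": ["10.50.3.0/24"],      # NAT range for PC1's network
    "Site1-FW4": ["10.50.4.0/24"],      # NAT range for PC2's network
    "Site1-FW6": ["10.50.6.0/24"],      # NAT range for PC4's network
}

def demo():
    return {
        # Correct: real source, NAT destination -> matches the FW3 tunnel.
        "pc3_to_pc1_nat": tunnel_for(PC3, "10.50.3.10", FW5_LOCAL, FW5_PEERS),
        # Destination given as PC1's real address: no remote domain matches.
        "pc3_to_pc1_real": tunnel_for(PC3, "192.168.1.10", FW5_LOCAL, FW5_PEERS),
        # Misconfiguration: local domain defined with NAT addresses.
        "local_domain_uses_nat": tunnel_for(PC3, "10.50.3.10",
                                            ["10.50.5.0/24"], FW5_PEERS),
    }

if __name__ == "__main__":
    for case, peer in demo().items():
        print(f"{case}: {'encrypted via ' + peer if peer else 'no tunnel matched'}")
```

A ping that gets a reply but shows no encrypted log entry corresponds to the "no tunnel matched" cases: the traffic passed, but neither address pair fell inside the configured domains.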
