Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 26 replies
  • Subscribers 3 subscribers
  • Views 27501 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

UTM9 => Checkpoint IPSec S2S VPN

thentom
Hi,
I established an IPSec Site2Site VPN between our UTM and a Checkpoint Firewall. 
Both sides are using networks (not hosts) to be encrypted.
local: 10.33.86.0/24  remote: 172.20.250.0/24
The tunnel works, I can reach IPs in remote network 172.20.250.0/24
but the remote network can't reach IP's in my local network 10.33.86.0/24

This is the corresponding error message:

2013:01:03-18:14:38 fw-1 pluto[24905]: "S2S_1" #12: cannot respond to IPsec SA request because no connection is known for 10.33.86.5/32===***.***.x.2[***.***.***.2]...***.***.***.4[***.***.***.4]===172.20.250.10/32
2013:01:03-18:14:38 fw-1 pluto[24905]: "SS2S_1" #12: sending encrypted notification INVALID_ID_INFORMATION to ***.***.***.4:500

To work around this issue I added the host 10.33.86.5/32 to our local networks and 172.20.250.10/32 to the remote networks. As result, all IPs in 10.33.86.0/24 were reachable from remote side.
We compared everything 10 times. Tunnels between 2 Astaro UTMs are working as expected.
Does anybody have an idea about this?
Cheers
Thomas


This thread was automatically locked due to age.
Parents
  • 0
    Hi,
    I will have to establish the same VPN connection with other company. UTM9 - Checkpoint.
    But i couldn't find not any successful example of UTM9+Checkpoint...

    Checkpoint admin side sent me this information:
    vpn-gateway - IP1; 
    vpn-domain - IP2; 
    Encryption Method - IKEv2, IKEv1; 
    Encryption Suite Phase1 - AES256/SHA1/Goup2(1024bit); 
    Encryption Suite Phase2 - AES128/SHA1/Goup2(1024bit); 

    1) Could you please tell me what information i need to enter into UTM9 
    2) what information i should give to checkpoint admin - he asks me of vpn-gateway, vpn-domain. 
    3) And what about certificates - we need to exchange with them also ?
Reply
  • 0
    Hi,
    I will have to establish the same VPN connection with other company. UTM9 - Checkpoint.
    But i couldn't find not any successful example of UTM9+Checkpoint...

    Checkpoint admin side sent me this information:
    vpn-gateway - IP1; 
    vpn-domain - IP2; 
    Encryption Method - IKEv2, IKEv1; 
    Encryption Suite Phase1 - AES256/SHA1/Goup2(1024bit); 
    Encryption Suite Phase2 - AES128/SHA1/Goup2(1024bit); 

    1) Could you please tell me what information i need to enter into UTM9 
    2) what information i should give to checkpoint admin - he asks me of vpn-gateway, vpn-domain. 
    3) And what about certificates - we need to exchange with them also ?
Children
No Data
Unfiltered HTML