?
Solved

VPN Brance office tunnel from a Watchguard firebox2 -> checkpoint

Posted on 2004-04-19
7
Medium Priority
?
1,041 Views
Last Modified: 2013-11-16
Hi all

I have setup an watchguard firebox 2 on the main office and a checkpoint ng55 on a branceoffice, at the watchguard box i have configure the gateway and the tunnel in the bovpn manual ipsec settings.

The ipsec policys has been setup to route between the brance office networks /6 of them/ to my singel  internal network.

When i boot up the fireboxs it just stands there arguing about SA`s and cant connect to the checkpoint firewall and vice versa. whats wrong? what have i forgot to setup ?

Could anyone please help me asap?
0
Comment
Question by:Seh_it24
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
7 Comments
 
LVL 23

Expert Comment

by:Tim Holman
ID: 10863411
Make sure the encryption networks / subnets, pre-shared keys and phase 1 and 2 timeouts match up at both ends.
0
 

Author Comment

by:Seh_it24
ID: 10863471
well, we have dobbel check this problem and build the tunnel up alot of times now, and finaly we have establish a tunnel going in one direction, that is the HQ can communicate with every hosts on the brance office, but the brance office is not abel to ping or get any kind of respons from the HQ it only get no respons from peer..

on the HQ there is an ANY service defined for the brance office permitting communication, anything we have missed ? nating maybe ? since we use an public adress on the FW and a private network on hq who the trafic is going to any clues?
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 10869929
I would say there was either a routing or NAT problem.  You need rules in Watchguard and Check Point to ensure that traffic bound for a VPN connection is NOT Natted.
0
 

Author Comment

by:Seh_it24
ID: 10871287
On the watchguard box (hq) the nating rules saying 192.168.0.0/16 should be natted to the public
ip, so i quess since the network who is going to be routed true the tunnel is being nated since it`s a 192.168.78 subnet, whats the right soulution for this ?
0
 
LVL 23

Accepted Solution

by:
Tim Holman earned 220 total points
ID: 10876281
You need a NAT statement saying that anything from 192.168.0.0/16 destined for the Check Point's encryption network (for example 10.0.0.0/8) should NOT be NATted.
0

Featured Post

Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as high-speed processing of the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…
In this video, Percona Director of Solution Engineering Jon Tobin discusses the function and features of Percona Server for MongoDB. How Percona can help Percona can help you determine if Percona Server for MongoDB is the right solution for …
Suggested Courses

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question