VPN branch office tunnel from a WatchGuard Firebox 2 -> Check Point

Posted on 2004-04-19
Medium Priority
Last Modified: 2013-11-16
Hi all

I have set up a WatchGuard Firebox 2 at the main office and a Check Point NG55 at a branch office. On the WatchGuard box I have configured the gateway and the tunnel in the BOVPN manual IPsec settings.

The IPsec policies have been set up to route between the branch office networks (6 of them) and my single internal network.

When I boot up the Firebox it just stands there arguing about SAs and can't connect to the Check Point firewall, and vice versa. What's wrong? What have I forgotten to set up?

Could anyone please help me ASAP?
Question by:Seh_it24
LVL 23

Expert Comment

by:Tim Holman
ID: 10863411
Make sure the encryption networks / subnets, pre-shared keys and phase 1 and 2 timeouts match up at both ends.

Author Comment

ID: 10863471
Well, we have double checked this problem and built the tunnel up a lot of times now, and finally we have established a tunnel going in one direction, that is the HQ can communicate with every host on the branch office, but the branch office is not able to ping or get any kind of response from the HQ; it only gets "no response from peer".

On the HQ there is an ANY service defined for the branch office permitting communication. Anything we have missed? NATing maybe? Since we use a public address on the FW and a private network on HQ where the traffic is going to, any clues?
LVL 23

Expert Comment

by:Tim Holman
ID: 10869929
I would say there was either a routing or NAT problem.  You need rules in Watchguard and Check Point to ensure that traffic bound for a VPN connection is NOT Natted.

Author Comment

ID: 10871287
On the WatchGuard box (HQ) the NATing rules say it should be NATted to the public IP, so I guess the network which is going to be routed through the tunnel is being NATed since it's a 192.168.78 subnet. What's the right solution for this?
LVL 23

Accepted Solution

Tim Holman earned 220 total points
ID: 10876281
You need a NAT statement saying that anything from destined for the Check Point's encryption network (for example should NOT be NATted.
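The two failure modes in this thread (SA parameters that differ between the peers, and a dynamic NAT rule that rewrites traffic before it reaches the tunnel) can be checked mechanically. The following is an added example, not code from the thread or from either vendor; the peer parameters, the two branch networks and the NAT rule tables are constructed, and the HQ subnet is assumed to be 192.168.78.0/24 as the thread only gives "192.168.78".

```python
import ipaddress

# Constructed tunnel parameters for both ends (not from the thread). As the accepted
# answer says, PSK, phase 1/2 lifetimes and encryption domains must match at both ends;
# the branch end below has a deliberately wrong phase 2 lifetime to show the check firing.
HQ = {"psk": "hq-branch-secret", "p1_lifetime": 28800, "p2_lifetime": 3600,
      "local_nets": ["192.168.78.0/24"],
      "remote_nets": ["10.1.1.0/24", "10.1.2.0/24"]}
BRANCH = {"psk": "hq-branch-secret", "p1_lifetime": 28800, "p2_lifetime": 1800,
          "local_nets": ["10.1.1.0/24", "10.1.2.0/24"],
          "remote_nets": ["192.168.78.0/24"]}

def sa_mismatches(a, b):
    """Names of parameters that differ between the peers. Each peer's local
    (encryption) networks must be exactly the other peer's remote networks."""
    problems = [k for k in ("psk", "p1_lifetime", "p2_lifetime") if a[k] != b[k]]
    if (set(a["local_nets"]) != set(b["remote_nets"])
            or set(a["remote_nets"]) != set(b["local_nets"])):
        problems.append("encryption_domain")
    return problems

# Constructed NAT rule table for the HQ firewall: (source, destination, action),
# evaluated top to bottom, first match wins. "nat" rewrites the source to the public
# IP; "nonat" leaves the packet untouched so it can be matched by the IPsec policy.
def first_nat_action(rules, src_ip, dst_ip):
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for src_net, dst_net, action in rules:
        if src in ipaddress.ip_network(src_net) and dst in ipaddress.ip_network(dst_net):
            return action
    return "nonat"  # no rule matched: no translation

def vpn_traffic_is_natted(rules, local_nets, remote_nets):
    """True if any local -> remote encryption-domain pair would be translated
    before entering the tunnel (the one-way symptom described in the thread)."""
    for lnet in local_nets:
        for rnet in remote_nets:
            src = next(ipaddress.ip_network(lnet).hosts())  # first host of each net
            dst = next(ipaddress.ip_network(rnet).hosts())
            if first_nat_action(rules, str(src), str(dst)) == "nat":
                return True
    return False

# Broken: everything from the HQ subnet is NATted, including tunnel-bound traffic.
BROKEN_RULES = [("192.168.78.0/24", "0.0.0.0/0", "nat")]
# Fixed: explicit no-NAT rules for the branch encryption networks placed above the
# catch-all dynamic NAT rule.
FIXED_RULES = [("192.168.78.0/24", "10.1.1.0/24", "nonat"),
               ("192.168.78.0/24", "10.1.2.0/24", "nonat"),
               ("192.168.78.0/24", "0.0.0.0/0", "nat")]
```

Run `sa_mismatches(HQ, BRANCH)` to list mismatched parameters and `vpn_traffic_is_natted(rules, HQ["local_nets"], HQ["remote_nets"])` against each rule table; ordinary Internet-bound traffic is still translated under the fixed table.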
