Site-to-Site VPN problems



Toleukhan
2012-09-27, 03:57
Hi all,
I cannot configure a site-to-site VPN between a cluster and a single remote Checkpoint in my lab. They have two connections between them: management and external. External is one subnet.
There are two issues; I think they are interrelated.

First: they encrypt the management interface, not the external interface; at least in the tracker I see that the tunnel test is going over the management network. In Link Selection under VPN, I configured both to use the external interface, but it didn't help.
How do I make them start using the external IP address for encryption, not the management interfaces?

Second: when I disconnect the management network (because on the live network they must communicate via the external IP address), the Monitor displays that the connection to the remote Checkpoint is lost.

I configured all rules to allow connections between them. I also NATed the Smartcenter to a public IP address; this is to allow the Smartcenter and the remote Checkpoint to communicate via the external network. And for the remote Checkpoint's IP address I configured the external IP address, not the management one as usual. "As usual" because our Checkpoints are licensed by management IP addresses. Maybe the license is the problem?

All the Checkpoints are power1, and R70.