CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


I'd like to thank everyone involved for making "The CPUG Challenge" a great success.
We helped a lot of people see and learn a bit more about R80.10, while having some fun.
We will be using this success to try and bring more events to more locations soon. -E

 

Results 1 to 1 of 1

Thread: Cisco LWAP not working at remote site to site VPN offices

  1. #1
    Join Date
    2016-10-20
    Posts
    5
    Rep Power
    0

    Default Cisco LWAP not working at remote site to site VPN offices

    I have a problem in that I cannot get our Cisco WIFI Light Weight Access Points in our remote offices to connect to our central Cisco Wireless LAN Controller. The Cisco WLC is at the same datacentre as our Check Point VSX VPN head end. The remote office sites are all using a Cisco ISR for the site to site VPN. The LWAPs connect just fine to the WLC when using the existing Cisco site to site VPN.

    From the remote office LWAP LAN I can ping the Cisco WLC & vice-versa. The remote office AP picks up an IP via DHCP from the Cisco ISR, but as it can't connect to the Cisco WLC, it is rebooting & picking up an new IP every few minutes. According to the logs & debug crypto ipsec on the Cisco ISR I can see LWAP traffic being encrypted onto the VPN from the remote office Branch. I can't however see anything in the logs on the Check Point VPN head end as evidence the CAPWAP traffic is being decrypted. The only traffic I can see is my ping testing. Doing a tcpdump on the Check Point confirms this. Unfortunately I have had to back out of the changes, but my next step was to try & enable debug on the Checkpoint.

    Has anyone else had any experience with Cisco Light Weight Access Points over site to site VPN with Check Point? Any other suggestions?

    Thanks in advance.
    Attached Thumbnails Attached Thumbnails Click image for larger version. 

Name:	Site_to_site_VPN_with_Cisco_WIFI_LWAP_ver1.0.jpg 
Views:	18 
Size:	287.8 KB 
ID:	1261  

Similar Threads

  1. Site to Site VPN with Cisco router having same internet IP subnet at both sides
    By jangidsachin in forum IPsec VPN Blade (Virtual Private Networks)
    Replies: 0
    Last Post: 2014-02-27, 01:53
  2. VPN site to site tunnel route all traffic through gateway stops working
    By EarthJuice in forum IPsec VPN Blade (Virtual Private Networks)
    Replies: 0
    Last Post: 2013-09-12, 11:16
  3. Checkpoint 4600 To Cisco 5505 ASA Site to Site IPSec Help
    By jg93635 in forum IPsec VPN Blade (Virtual Private Networks)
    Replies: 3
    Last Post: 2013-08-21, 17:37
  4. Configruration VPN site to site between Checkpoint NGX and Router Cisco 1861
    By vikjava in forum IPsec VPN Blade (Virtual Private Networks)
    Replies: 3
    Last Post: 2010-04-28, 09:03
  5. client and site to site vpn not working after introducing peplink device
    By naomi.rampersad@gmail.com in forum SecureClient/SecuRemote
    Replies: 3
    Last Post: 2008-04-02, 08:19

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •