Hello there guys, I've searched as much as I could, but, wasn't able to find a *solid* response to the question:

On Check Point NG R55W AI, can someone *force* a VPN Tunnel to be established on a specific External Network Interface Card?

As you imagine, we have a Check Point NG R55W AI with 2 NICs on 2 different Switches, connected onto 2 different Routers, connected onto 2 different ISPs.

    CP -------- ISP-A (CP NIC-A: 1.2.3.4)
     |
     |
     |
    ISP-B (CP NIC-B: 5.6.7.8)

NIC 1.2.3.4 is the one used in the Firewall-Object-Properties and where the License resides. We want to establish the VPN (Interoperable Device, NOT Check Point Firewall) on NIC 5.6.7.8.

What's happening is that we do send IKE Packets from NIC-B to the other side and when IKE Phase 1 is about to complete, the Firewall on the other side complains that the IP Addresses do not match for the IPSec Tunnel. In other words, even though the IKE connection initiated by NIC-B is correct, when IKE Phase 1 is about to complete, the IP Address within the Payload WE send is not for NIC-B, but for NIC-A...

The actual message we get back from the other side is this:

    IKE: Phase 1 Received Notification from Peer: payload malformed

I have tried the following:

- Policy, Global Properties, VPN, Advanced, "Resolving Mechanism", Enable dynamic interface resolving per gateway (must be defined per gateway)
- (then on the Gateway object) VPN, VPN Advanced, Dynamic Interface resolving configuration..., Enable dynamic resolution by peer VPN-1 gateways, Upon tunnel initialization
- Using GUIDBEdit, changed the following:
  * IPSec_orig_if_nat from *true* to *false*
  * IPSec_main_if_nat left as *false*

Some facts:

- Our Firewall is an NG R55W AI, HFA04, Hotfix011, Build 004
- The VPN Module is an NG R55W AI, HFA04, Hotfix011, Build 003
- The other Firewall is an Astaro something...
- We're running Traditional Mode

Any ideas, comments, remarks? Any help is greatly appreciated!!!

Cheers,
Dimitris
