Non Meraki Site to Site VPN with MX68 & Checkpoint
We're setting up a site-to-site VPN between our Meraki MX68 and a Checkpoint FW. The tunnel seems to come up fine; the Checkpoint says the tunnel is up and the Meraki dashboard also says the same. However, we're seeing an IKE failure in the Checkpoint logs, saying the peer did not respond (assuming it's referring to the Meraki peer). There aren't loads of these messages, but it concerns me that things may not be entirely stable.
On the Meraki Dashboard side, we're also seeing the following message in the event log:
msg: failed to pre-process ph2 packet
My understanding was this issue may relate to a configured subnet mismatch, but we've double checked our config and it all looks fine.
Has anyone else seen this before or have any experience with setting up a Site to Site VPN between a Checkpoint and a Meraki device?
I think with CheckPoint the CheckPoint side needs to disable NAT-T (this relies on you having a public IP address directly on your MX, and the CheckPoint directly having a public IP address on its outside interface).