Non Meraki Site to Site VPN with MX68 & Checkpoint

NOS48
Here to help

Hi,

We're setting up a site to site VPN between our Meraki MX68 and a Checkpoint FW. The tunnel seems to come up fine, the Checkpoint says the tunnel is up and the Meraki dashboard also says the same. However, we're seeing an IKE failure in the Checkpoint logs... saying the peer did not respond (assuming it's referring to the Meraki Peer). There's not loads of these messages but it concerns me that things may not be entirely stable.

On the Meraki Dashboard side, we're also seeing the following message in the event log:

msg: failed to pre-process ph2 packet


My understanding was this issue may relate to a configured subnet mismatch, but we've double checked our config and it all looks fine.

Has anyone else seen this before or have any experience with setting up a Site to Site VPN between a Checkpoint and a Meraki device?

Cheers

Neil
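
A check for the subnet-mismatch possibility raised in the question, as an added example that is not part of the original post: it compares the phase 2 subnets configured on each peer and reports any that do not mirror exactly. The function names and all subnets are constructed for illustration.

```python
import ipaddress

def parse(subnets):
    """Normalise CIDR strings; strict=False tolerates host bits such as 192.168.10.1/24."""
    return {ipaddress.ip_network(s, strict=False) for s in subnets}

def compare_selectors(mx_local, mx_remote, cp_local, cp_remote):
    """Return findings where the two peers' phase 2 subnets do not mirror each other.

    Each finding is (direction, kind, network, detail); an empty list means the
    MX local subnets equal the Check Point remote subnets and vice versa.
    """
    findings = []
    pairs = [
        ("MX local vs Check Point remote", parse(mx_local), parse(cp_remote)),
        ("MX remote vs Check Point local", parse(mx_remote), parse(cp_local)),
    ]
    for direction, mx, cp in pairs:
        for net in sorted(mx ^ cp, key=str):  # subnets defined on one peer only
            side, other = ("MX", cp) if net in mx else ("Check Point", mx)
            near = sorted(str(o) for o in other
                          if o.version == net.version and o.overlaps(net))
            if near:
                # Same address space, different prefix length (e.g. /24 vs /23)
                findings.append((direction, "prefix-mismatch", str(net),
                                 f"only on {side}; overlaps {', '.join(near)}"))
            else:
                findings.append((direction, "missing", str(net), f"only on {side}"))
    return findings

# Constructed sample values, not taken from the thread
MX_LOCAL = ["192.168.10.0/24"]
MX_REMOTE = ["10.20.0.0/24", "10.20.5.0/24"]
CP_LOCAL = ["10.20.0.0/23", "10.20.5.0/24"]
CP_REMOTE = ["192.168.10.1/24"]

if __name__ == "__main__":
    for finding in compare_selectors(MX_LOCAL, MX_REMOTE, CP_LOCAL, CP_REMOTE):
        print(" | ".join(finding))
```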

 

MarcP
Kind of a big deal
PhilipDAth
Kind of a big deal

I think with CheckPoint the CheckPoint side needs to disable NAT-T (this relies on you having a public IP address directly on your MX, and the CheckPoint directly having a public IP address on its outside interface).
