[strongSwan] VPN to CheckPoint with NAT

Jakob Curdes jc at info-systems.de
Mon Dec 2 15:22:20 CET 2013

Am 02.12.2013 14:47, schrieb Thomas Liesner:
> Hi all,
> i am trying to accomplish a vpn connection via strongSwan 4.6.1 to a 
> bigger CheckPoint gateway. strongSwan is built into a Gateprotect 
> security appliance.
> > Ike::                  Auth exchange: Sending notification to peer: 
> Traffic selectors unacceptable
We have an IPSec connection to a checkpoint FW but it works only when 
triggered by the checkpoint side. It appears that CP has a rather 
strange concept for deciding which traffic to put where; essentially as 
I see it this breaks basic concepts like routing etc. What happens if 
you let the checkpoint start the connection?


More information about the Users mailing list