Tunnel is up and ICMP packets are sent encrypted but no response received
||Small and Medium Business Appliances, Branch Office Appliances
|Platform / Model
||600, 700, 1100, 1400, 900
- VPN tunnel is up and ICMP packets are sent encrypted but no response received from the other site.
- Nothing indicates the issue in logs and debugs.
The cause is super-netting enabled on Check Point device by default that other vendors cannot resolve properly.
To resolve the problem, disable the supper-netting on 600/700/1100/1400 locally managed appliance.
To do so,
- In Check Point WebUI, go to Device tab -> Advanced settings
- Clear the "Join adjacent subnets in IKEv1 quick mode" option.
- Re-establish the tunnel: connect to CLI, enter Expert mode and run:
[Expert@Hostname]# vpn tu
Now enter IP address of the peer
This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.