https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-Routes-not-visible-in-Gaia/m-p/141649#M21877 <P>Then you will not find them in the routing table. You can try with the following command in the Expert mode:</P><P><EM><STRONG>fw tab -f -t vpn_routing -u</STRONG></EM></P> Wed, 16 Feb 2022 12:38:09 GMT mk1 2022-02-16T12:38:09Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-Routes-not-visible-in-Gaia/m-p/141588#M21863 <P>Hello Mates,</P><P>have here a R81.10 T22 with a S2S VPN to 3rd Party but I cannot see the route to the target encryption domain in the route table of the OS or in Gaia. The VPN works fine though.</P><P>Is this by design or do I miss an option?</P><P>&nbsp;</P><P>Regards</P><P>David</P> Tue, 15 Feb 2022 20:37:52 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-Routes-not-visible-in-Gaia/m-p/141588#M21863 D_W 2022-02-15T20:37:52Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-Routes-not-visible-in-Gaia/m-p/141617#M21870 <P>Is this a route based or policy based VPN?</P> Wed, 16 Feb 2022 08:40:29 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-Routes-not-visible-in-Gaia/m-p/141617#M21870 mk1 2022-02-16T08:40:29Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-Routes-not-visible-in-Gaia/m-p/141637#M21874 <P>We define in the VPN communities the encryption domains for each site so i guess it's domain based.<BR />I haven't found a quick answer about the difference of each types (route based, policy based, domain based) <span class="lia-unicode-emoji" title=":grinning_face_with_sweat:">😅</span></P> Wed, 16 Feb 2022 11:15:12 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-Routes-not-visible-in-Gaia/m-p/141637#M21874 D_W 2022-02-16T11:15:12Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-Routes-not-visible-in-Gaia/m-p/141649#M21877 <P>Then you will not find them in the routing table. You can try with the following command in the Expert mode:</P><P><EM><STRONG>fw tab -f -t vpn_routing -u</STRONG></EM></P> Wed, 16 Feb 2022 12:38:09 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-Routes-not-visible-in-Gaia/m-p/141649#M21877 mk1 2022-02-16T12:38:09Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-Routes-not-visible-in-Gaia/m-p/141651#M21878 <P>ah yes there i see it...<BR />Any ideas how i can use this route now to redistribute it via OSPF?<BR />I mean it works when I manually add an static-route for the neeeded route and add it to a route-map but this is an equal ugly solution as the output from "<EM><STRONG>fw tab -f -t vpn_routing -u</STRONG></EM>" <span class="lia-unicode-emoji" title=":sad_but_relieved_face:">😥</span></P> Wed, 16 Feb 2022 12:59:19 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-Routes-not-visible-in-Gaia/m-p/141651#M21878 D_W 2022-02-16T12:59:19Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-Routes-not-visible-in-Gaia/m-p/141653#M21879 <P>In my opinion, after you need dynamic routing the best way would be to convert to route based VPNs. As you said, it's not possible to advertise a route which doesn't exist in your routing table. The other option is the proposed from you, to add static route pointing to your gateway through the proper outgoing interface for instance and then advertise it via OSPF.</P> Wed, 16 Feb 2022 13:18:39 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-Routes-not-visible-in-Gaia/m-p/141653#M21879 mk1 2022-02-16T13:18:39Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-Routes-not-visible-in-Gaia/m-p/141656#M21881 <P>Those are not OS system level routes, those are VPN routes.</P> Wed, 16 Feb 2022 13:30:58 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-Routes-not-visible-in-Gaia/m-p/141656#M21881 _Val_ 2022-02-16T13:30:58Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-Routes-not-visible-in-Gaia/m-p/141664#M21884 <P>I checked now the situation on another CP Gateway (r80.40) where we have other domain based VPNs and there I see the kernel Routes. BUT only the routes from the star communities.</P><P><BR />Tried now to reconfigure my Mesh-Community to Star to check if the Routes will show up but no <span class="lia-unicode-emoji" title=":disappointed_face:">😞</span></P> Wed, 16 Feb 2022 14:22:20 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-Routes-not-visible-in-Gaia/m-p/141664#M21884 D_W 2022-02-16T14:22:20Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-Routes-not-visible-in-Gaia/m-p/141666#M21885 <P>You can't redistribute that directly since routes in the vpn_routing table are not "real" routes that exist in the Gaia OS that OSPF can see.</P> <P>If you are using at least R81, check out NAT Pools which should allow redistribution.&nbsp; Here is the relevant page from my Gaia 3.10 Immersion self-guided video series:</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="natpools2.png" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/15421i732F9F547F07C8FC/image-size/large?v=v2&amp;px=999" role="button" title="natpools2.png" alt="natpools2.png" /></span></P> Wed, 16 Feb 2022 14:24:14 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-Routes-not-visible-in-Gaia/m-p/141666#M21885 Timothy_Hall 2022-02-16T14:24:14Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-Routes-not-visible-in-Gaia/m-p/141870#M21938 <P>Cool! Thanks I can work with that handy solution!</P> Fri, 18 Feb 2022 10:30:05 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-Routes-not-visible-in-Gaia/m-p/141870#M21938 D_W 2022-02-18T10:30:05Z