https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-issue-between-Cisco-ASA-and-Checkpoint/m-p/159441#M27908 <P>Hello,</P> <P>When you say "<SPAN>Each time we create a supernet as the domain</SPAN>" do you mean adding that supernet to your local encryption domain (checkpoint)? or in the remote encryption domain (ASA)?</P> <P>"<SPAN>and the user tries to connect to 172.30.1.1</SPAN>" where is the user? behind checkpoint or behind ASA?</P> <P>"<SPAN>on the ASA we see a tunnel for 172.16.0.0 and 172.30.0.0</SPAN>" does ASA receive these ID's from checkpoint? or ASA send those ID's to checkpoint?</P> <P>Easy answer would be&nbsp;<SPAN>sk108600 scenario 1, edit the user.def file to send your local encryption domain to the ASA peer as you need. If that is not the case more details are needed to understand your enviroment.</SPAN></P> <P><SPAN>Regards</SPAN></P> Thu, 13 Oct 2022 12:27:05 GMT RS_Daniel 2022-10-13T12:27:05Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-issue-between-Cisco-ASA-and-Checkpoint/m-p/159423#M27902 <P>Hi Guys</P><P>We have an issue creating a vpn between Checkpoint&nbsp; and Cisco ASA.</P><P>Each time we create a supernet as the domain, 172.16.0.0/12, and the user tries to connect to 172.30.1.1 for example, on the ASA we see a tunnel for 172.16.0.0 and 172.30.0.0 and the traffic never makes it.</P><P>The setting on Checkpoint vpn community is set to vpn per subnet pair.</P><P>I have checked gui dbedit and the setting ike_enable_supernet is enabled under global properties and also ike_use_largest possible subnets is also set to true.</P><P>What do we need to do to get the gateway to use the supernet? how do I check the setting is true on the gateway?</P><P>cheers</P> Thu, 13 Oct 2022 08:32:24 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-issue-between-Cisco-ASA-and-Checkpoint/m-p/159423#M27902 carl_t 2022-10-13T08:32:24Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-issue-between-Cisco-ASA-and-Checkpoint/m-p/159441#M27908 <P>Hello,</P> <P>When you say "<SPAN>Each time we create a supernet as the domain</SPAN>" do you mean adding that supernet to your local encryption domain (checkpoint)? or in the remote encryption domain (ASA)?</P> <P>"<SPAN>and the user tries to connect to 172.30.1.1</SPAN>" where is the user? behind checkpoint or behind ASA?</P> <P>"<SPAN>on the ASA we see a tunnel for 172.16.0.0 and 172.30.0.0</SPAN>" does ASA receive these ID's from checkpoint? or ASA send those ID's to checkpoint?</P> <P>Easy answer would be&nbsp;<SPAN>sk108600 scenario 1, edit the user.def file to send your local encryption domain to the ASA peer as you need. If that is not the case more details are needed to understand your enviroment.</SPAN></P> <P><SPAN>Regards</SPAN></P> Thu, 13 Oct 2022 12:27:05 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-issue-between-Cisco-ASA-and-Checkpoint/m-p/159441#M27908 RS_Daniel 2022-10-13T12:27:05Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-issue-between-Cisco-ASA-and-Checkpoint/m-p/159448#M27910 <P>Which the version do you have on your Gateway ?</P><P>&nbsp;</P> Thu, 13 Oct 2022 14:15:36 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-issue-between-Cisco-ASA-and-Checkpoint/m-p/159448#M27910 Abi 2022-10-13T14:15:36Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-issue-between-Cisco-ASA-and-Checkpoint/m-p/159529#M27942 <P>Better open a SR# with CP TAC !</P> Fri, 14 Oct 2022 10:11:36 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-issue-between-Cisco-ASA-and-Checkpoint/m-p/159529#M27942 G_W_Albrecht 2022-10-14T10:11:36Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-issue-between-Cisco-ASA-and-Checkpoint/m-p/159534#M27945 <P>R81.10</P> Fri, 14 Oct 2022 11:52:42 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-issue-between-Cisco-ASA-and-Checkpoint/m-p/159534#M27945 carl_t 2022-10-14T11:52:42Z