https://community.checkpoint.com/t5/Firewall-and-Security-Management/Re-Route-Traffic-Between-Two-VPN-Tunnels/m-p/222317#M42589 <P>Thanks Andy, are you referring to "enable route injection mechanism"? (print screen attached)</P><P>If so, should I enable it for the community B or both A and B?</P><P>&nbsp;</P> Wed, 31 Jul 2024 01:03:16 GMT Shurik 2024-07-31T01:03:16Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Re-Route-Traffic-Between-Two-VPN-Tunnels/m-p/222314#M42587 <DIV class=""><DIV class=""><DIV class=""><DIV class=""><DIV class=""><DIV class=""><DIV class="">Hello Colleagues!</DIV><DIV class="">&nbsp;</DIV></DIV></DIV></DIV></DIV></DIV></DIV><DIV class=""><DIV class=""><DIV class=""><DIV class=""><DIV class=""><P>I need to implement some workaround... I have policy based VPN tunnel with company A and route based (BGP) tunnel with company B. Company A should get to company B through my gateway.&nbsp;</P><P>There are two separate tunnels that works fine, but traffic from A to B doesn't work. I can access both A and B without any problem.</P><P>I see traffic from A gets to my gateway, but goes no where...&nbsp;</P><P>Is there a specific configuration that should be done in order to send traffic from A (10.10.10.0/24) to B (10.20.20.0/24) through the same my gateway?</P><P>&nbsp;</P><P>Please see attached diagram.</P><P>&nbsp;</P><P>Thank you!</P></DIV></DIV></DIV></DIV></DIV> Wed, 31 Jul 2024 00:28:20 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Re-Route-Traffic-Between-Two-VPN-Tunnels/m-p/222314#M42587 Shurik 2024-07-31T00:28:20Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Re-Route-Traffic-Between-Two-VPN-Tunnels/m-p/222315#M42588 <P>Make sure routing is enabled for vpn under community setting, tunnel management.</P> <P>Andy</P> Wed, 31 Jul 2024 00:45:01 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Re-Route-Traffic-Between-Two-VPN-Tunnels/m-p/222315#M42588 the_rock 2024-07-31T00:45:01Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Re-Route-Traffic-Between-Two-VPN-Tunnels/m-p/222317#M42589 <P>Thanks Andy, are you referring to "enable route injection mechanism"? (print screen attached)</P><P>If so, should I enable it for the community B or both A and B?</P><P>&nbsp;</P> Wed, 31 Jul 2024 01:03:16 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Re-Route-Traffic-Between-Two-VPN-Tunnels/m-p/222317#M42589 Shurik 2024-07-31T01:03:16Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Re-Route-Traffic-Between-Two-VPN-Tunnels/m-p/222318#M42590 <P>Im not super familiar with SMB appliances, so not sure if that would be equal to route method on regular vpn community in smart console.</P> <P>Like below.</P> <P>Andy</P> <P><A href="https://community.checkpoint.com/t5/Security-Gateways/Routing-between-VPNs/td-p/90408" target="_blank">https://community.checkpoint.com/t5/Security-Gateways/Routing-between-VPNs/td-p/90408</A></P> Wed, 31 Jul 2024 01:10:11 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Re-Route-Traffic-Between-Two-VPN-Tunnels/m-p/222318#M42590 the_rock 2024-07-31T01:10:11Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Re-Route-Traffic-Between-Two-VPN-Tunnels/m-p/222391#M42609 <P><a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/35933">@Shurik</a>&nbsp;Sorry, forgot to update this. Here is what I was referring to.</P> <P>Andy</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Screenshot_1.png" style="width: 400px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/27057i8CB518A84B800FB7/image-size/medium?v=v2&amp;px=400" role="button" title="Screenshot_1.png" alt="Screenshot_1.png" /></span></P> <P>&nbsp;</P> <P> <A href="https://sc1.checkpoint.com/documents/R81.20/SmartConsole_OLH/EN/Topics-OLH/xPIK8IRZF4anBq5LqvwFRQ2.htm?cshid=xPIK8IRZF4anBq5LqvwFRQ2" target="_blank">VPN Communities - VPN Routing (checkpoint.com)</A></P> <P>&nbsp;</P> <H2>VPN Routing Options</H2> <UL> <LI> <P><STRONG>To center only</STRONG><SPAN>&nbsp;</SPAN>. No VPN routing actually occurs. Only connections between the satellite<SPAN>&nbsp;</SPAN><SPAN class="mc-variable Vars_Other.tp_gws variable">gateways</SPAN><SPAN>&nbsp;</SPAN>and central<SPAN>&nbsp;</SPAN><SPAN class="mc-variable Vars_Other.tp_gw variable">gateway</SPAN><SPAN>&nbsp;</SPAN>go through the VPN tunnel. Other connections are routed in the normal way</P> </LI> <LI> <P><STRONG>To center and to other satellites through center</STRONG><SPAN>&nbsp;</SPAN>. Use VPN routing for connection between satellites. Every packet passing from a satellite<SPAN>&nbsp;</SPAN><SPAN class="mc-variable Vars_Other.tp_gw variable">gateway</SPAN><SPAN>&nbsp;</SPAN>to another satellite<SPAN>&nbsp;</SPAN><SPAN class="mc-variable Vars_Other.tp_gw variable">gateway</SPAN><SPAN>&nbsp;</SPAN>is routed through the central<SPAN>&nbsp;</SPAN><SPAN class="mc-variable Vars_Other.tp_gw variable">gateway</SPAN>. Connection between satellite<SPAN>&nbsp;</SPAN><SPAN class="mc-variable Vars_Other.tp_gws variable">gateways</SPAN><SPAN>&nbsp;</SPAN>and<SPAN>&nbsp;</SPAN><SPAN class="mc-variable Vars_Other.tp_gws variable">gateways</SPAN><SPAN>&nbsp;</SPAN>that do not belong to the community are routed in the normal way.</P> </LI> <LI> <P><STRONG>To center, or through the center to other satellites, to internet and other VPN targets</STRONG><SPAN>&nbsp;</SPAN>. Use VPN routing for every connection a satellite<SPAN>&nbsp;</SPAN><SPAN class="mc-variable Vars_Other.tp_gw variable">gateway</SPAN><SPAN>&nbsp;</SPAN>handles. Packets sent by a satellite<SPAN>&nbsp;</SPAN><SPAN class="mc-variable Vars_Other.tp_gw variable">gateway</SPAN><SPAN>&nbsp;</SPAN>pass through the VPN tunnel to the central<SPAN>&nbsp;</SPAN><SPAN class="mc-variable Vars_Other.tp_gw variable">gateway</SPAN><SPAN>&nbsp;</SPAN>before being routed to the destination address.</P> </LI> </UL> Wed, 31 Jul 2024 16:43:43 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Re-Route-Traffic-Between-Two-VPN-Tunnels/m-p/222391#M42609 the_rock 2024-07-31T16:43:43Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Re-Route-Traffic-Between-Two-VPN-Tunnels/m-p/222401#M42610 <P>Thank you! I got it resolved, looks like starting R80.40 we don't need to specify the encryption domain (center gateway), it should be empty group. Once it was removed, it resolved the problem.</P> Wed, 31 Jul 2024 18:21:31 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Re-Route-Traffic-Between-Two-VPN-Tunnels/m-p/222401#M42610 Shurik 2024-07-31T18:21:31Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Re-Route-Traffic-Between-Two-VPN-Tunnels/m-p/222403#M42611 <P>Good job!</P> Wed, 31 Jul 2024 18:43:38 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Re-Route-Traffic-Between-Two-VPN-Tunnels/m-p/222403#M42611 the_rock 2024-07-31T18:43:38Z