VPN with third Party Device and supernetting

Hello Community,

 


I have a question about VPN site-to-site between Check Point and third party devices.

My version is R80.30 Take 215.

As such, the VPN tunnel works, but the peer customer complains about strange Phase 2 connection attempts.

However, the source IP address is not stored on the Check Point in the VPN domain on my site.

The technician suspects subnetting at the Check Point.

I found out the following:

ike_enable_supernet = false
ike_use_largest_possible_subnets = true
ike_p2_enable_supernet_from_R80.20 = by_global

I am not sure whether the Check Point makes a supernetting of the VPN domain networks.
Can someone tell me, based on these three settings, whether the Check Point makes a supernetting of the networks in the VPN domain?

What I also find strange is that I see via "vpn tu tlist" that my WAN VIP is trying to initiate a Phase 2 tunnel
in addition to the three existing Phase 2 tunnels; the tunnel does not come up because the peer does not allow it.


Thank you for your support

4 Replies

Thanks for the answer.

I've checked it all out and I'm still unsure.

My question here is: does the R80.30 Take 215 make summary subnetting in a site-to-site VPN between Check Point and a third-party device?

Sapphire

See sk108600: VPN Site-to-Site with 3rd party: Check Point Security Gateway dynamically supernets subnets to reduce the amount of SA overhead - this happens always.

Admin

ike_use_largest_possible_subnets = true

That’s one of the settings that controls supernetting.

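To make the effect discussed in this thread concrete, here is an added example (not from any poster and not Check Point's code) that models "largest possible subnets" as simple merging of adjacent VPN-domain networks and compares the resulting Phase 2 proposals with the selectors a third-party peer has configured. The merge rule, the function names and all addresses are assumptions constructed for illustration; the gateway's real algorithm is described in sk108600.

```python
import ipaddress


def supernet_proposals(vpn_domain):
    """Simplified model (assumption): merge adjacent or overlapping
    VPN-domain subnets into the largest networks that cover exactly
    the same addresses, as a 'largest possible subnets' policy might."""
    nets = [ipaddress.ip_network(n) for n in vpn_domain]
    return list(ipaddress.collapse_addresses(nets))


def compare_with_peer(vpn_domain, peer_selectors):
    """Classify each modelled Phase 2 proposal against the selectors
    the peer expects, so mismatches can be spotted before negotiation."""
    peer = [ipaddress.ip_network(n) for n in peer_selectors]
    report = []
    for proposal in supernet_proposals(vpn_domain):
        if proposal in peer:
            status = "exact match"
        elif any(proposal.subnet_of(p) for p in peer):
            status = "narrower than a peer selector"
        elif any(p.subnet_of(proposal) for p in peer):
            status = "supernet of peer selectors"
        else:
            status = "unknown to peer"
        report.append((str(proposal), status))
    return report


# Constructed sample data: three subnets defined on both sides.
LOCAL_VPN_DOMAIN = ["10.10.0.0/24", "10.10.1.0/24", "192.168.50.0/24"]
PEER_SELECTORS = ["10.10.0.0/24", "10.10.1.0/24", "192.168.50.0/24"]

if __name__ == "__main__":
    for network, status in compare_with_peer(LOCAL_VPN_DOMAIN, PEER_SELECTORS):
        print(f"{network:18} {status}")
```

In this model the two adjacent /24 networks are proposed as one /23, which the peer has not configured even though every address in it belongs to the local VPN domain.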