This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
isuckatthis
Explorer
yesterday
Jump to solution

0/0 over a VTI config - Spark

I'm pulling my hair out trying to configure a 0/0 over a VTI. We want to tunnel all traffic back to the headend.

 

There is some default route that is automatically added to the routing table based on the Internet. I don't want that. I need that gone. I've created /32s for what I need. All other traffic not identified in my host routes needs to route across the VTI.

 

How do I do this? 

 

 

Screenshot 2024-12-19 085628.png

0 Kudos
1 Solution

Accepted Solutions
isuckatthis
Explorer
yesterday
In response to PhoneBoy
Jump to solution

Thanks PhoneBoy, I'll take a look at that. Is that in the VPN community inside SMS? I think I managed to make it work...

I created a route:  Dst: Any  Src: 192.168.10.0/24   Next Hop: remote side tunnel IP

I tried that previously but it didn't appear to be working, appears to be working now.

View solution in original post

4 Replies
PhoneBoy
Admin
Admin
yesterday
Jump to solution

Have you configured the relevant VPN site as "Route All Traffic"?
Believe that is required in this case.

image.png

0 Kudos
isuckatthis
Explorer
yesterday
In response to PhoneBoy
Jump to solution

Thanks PhoneBoy, I'll take a look at that. Is that in the VPN community inside SMS? I think I managed to make it work...

I created a route:  Dst: Any  Src: 192.168.10.0/24   Next Hop: remote side tunnel IP

I tried that previously but it didn't appear to be working, appears to be working now.

PhoneBoy
Admin
Admin
yesterday
In response to isuckatthis
Jump to solution

Yes, you need to enable "Route All Traffic" in the relevant VPN Community in this case.

0 Kudos
the_rock
Legend
Legend
yesterday
In response to isuckatthis
Jump to solution

No sweat, we are all here to help. Im not an SMB expert, but what Phoneboy said makes perfect sense. Btw, have a look at the post I made for rouyte based tunnels and even though its on regular Gaia, it will give you some idea on how this is supposed to function.

Andy

https://community.checkpoint.com/t5/Security-Gateways/Route-based-VPN-tunnel-to-Azure/m-p/206179/emc...

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events