OlegPowerC
Participant

Access rule for site-to-site VPN traffic is not matched when I provide a VPN community

Hi mates

I am a beginner in Check Point. I am trying to configure a site-to-site VPN based on tunnel interfaces (one site is Check Point, the remote site is a Cisco ASA).

The tunnel is up and traffic is allowed, but only if I do not provide a VPN community in the rule.

If I provide a VPN community, traffic is matched by the cleanup rule.

I checked the log messages: they contain the VPN community when the "VPN community" field on the rule is "any", and they do not contain the VPN community if the "VPN community" field contains the proper community name.

What am I doing wrong?

Thank you!

Attachments: TunPol4.PNG, TunPol3.PNG, TunPol2.PNG, TunPol1.PNG
2 Replies
the_rock
Legend

Hey mate,

No problem, we are here to help. Okay, for starters, can you send screenshots of how the VPN community is configured? I'm referring to all the below tabs in the object itself; just blur out any sensitive data.

Andy

 

 

Screenshot_1.png

OlegPowerC
Participant

Hello and thank you!

I already resolved this issue.
I provided a "domain" network object on my interoperable devices.
But now I have migrated to a Tunnel + BGP topology on the Check Point side and VTI + BGP on the Cisco side, and there are no issues yet. It is my first time with Check Point, excluding lab.

 

 
