I am quite new to the Check Point VPN blade, so sorry for the stupid question!
Basically I am trying to establish IPsec VPN (mesh community) tunnels between HQ and branch sites as in the diagram below.
However, once I apply the IPsec configuration, I lose SMS and FW connectivity. I suspect the SMS traffic somehow goes into the VPN tunnel, which is why I lose connectivity between the SMS and the FW. See below: Dubai-FW is disconnected after I push the policy.
- Even though Dubai-FW is disconnected from the SMS, clients start to ping the remote site, which means the IPsec VPN configuration is successful.
- In HQ-FW, I have only defined the HQ-LAN-NET [10.1.0.0/24] network (MGMT 192.168.1.0/24 is not added).
- I have also defined VPN access policies on both Branch and HQ (rules 3 and 4).
- Defined a NAT policy between branch and HQ (rules 1 and 2) [Not performing NAT between the HQ and Branch networks, but for the SMS].
- I see from the logs that the traffic between clients is encrypted and decrypted as below.
- I checked the VPN blade logs and realized there are many drops; below you can see the detail of one of them. It says "Clear text packet should be encrypted".
From my perspective, the SMS traffic goes into the VPN tunnel even though I have excluded the 192.168.1.0/24 network from the VPN domain in HQ-FW. But I don't understand the reason why.
Can anyone help me with what I couldn't figure out in this setup?
I would appreciate it if you could have a look.
Thanks in advance,
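Added example to illustrate the matching behind the "Clear text packet should be encrypted" drop discussed in the post. This is my own illustrative code, not Check Point code and not the poster's configuration; it implements the generic IPsec selection rule (a flow is tunnelled when its source lies in the local gateway's encryption domain and its destination in a community peer's domain, and the reverse direction is expected to arrive encrypted). All subnets, the SMS address and the "topology-derived" domain variant are constructed for the walkthrough; the variant that pulls the management subnet into a gateway's domain is a hypothetical scenario, not a diagnosis of the poster's setup.

```python
"""Simulate encryption-domain matching for a mesh VPN community.

Added example, not Check Point code. Rule implemented (generic IPsec):
  src in local domain and dst in peer domain  -> local must encrypt
  src in peer domain and dst in local domain  -> local expects it encrypted;
                                                 cleartext is dropped
All addresses below are constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Tuple

Net = ipaddress.IPv4Network


@dataclass
class Gateway:
    name: str
    domain: List[Net]  # encryption (VPN) domain behind this gateway

    def covers(self, ip: ipaddress.IPv4Address) -> bool:
        return any(ip in net for net in self.domain)


def gw(name: str, *cidrs: str) -> Gateway:
    """Build a gateway from CIDR strings."""
    return Gateway(name, [ipaddress.ip_network(c) for c in cidrs])


def classify(src: str, dst: str, local: Gateway, peers: List[Gateway]) -> str:
    """How 'local' treats a packet src->dst seen in the clear on its interface.

    'encrypt:<peer>'          local must send it through the tunnel to <peer>
    'expect-encrypted:<peer>' it belongs to the tunnel from <peer>; arriving in
                              clear it is dropped ("Clear text packet should
                              be encrypted")
    'clear'                   not VPN traffic, routed and inspected normally
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for peer in peers:
        if local.covers(s) and peer.covers(d):
            return f"encrypt:{peer.name}"
        if peer.covers(s) and local.covers(d):
            return f"expect-encrypted:{peer.name}"
    return "clear"


def domain_overlaps(gateways: List[Gateway]) -> List[Tuple[str, str, str]]:
    """Pairs of community members whose domains overlap; such subnets make
    tunnel selection ambiguous and are the first thing to check."""
    found = []
    for i, a in enumerate(gateways):
        for b in gateways[i + 1:]:
            for na in a.domain:
                for nb in b.domain:
                    if na.overlaps(nb):
                        found.append((a.name, b.name, f"{na} <-> {nb}"))
    return found


def management_in_domain(mgmt_hosts: List[str],
                         gateways: List[Gateway]) -> Dict[str, List[str]]:
    """Per gateway, the management hosts (SMS etc.) whose address falls inside
    its encryption domain: their traffic to the other site will be tunnelled
    rather than reach the peer gateway in the clear."""
    hits: Dict[str, List[str]] = {}
    for g in gateways:
        inside = [h for h in mgmt_hosts if g.covers(ipaddress.ip_address(h))]
        if inside:
            hits[g.name] = inside
    return hits


def demo() -> Dict[str, str]:
    """Constructed scenario: correct domains vs. a domain that swallows MGMT."""
    hq = gw("HQ-FW", "10.1.0.0/24")                      # MGMT excluded
    hq_topo = gw("HQ-FW", "10.1.0.0/24", "192.168.1.0/24")  # hypothetical
    dubai = gw("Dubai-FW", "10.2.0.0/24")
    sms = "192.168.1.10"                                 # constructed SMS IP
    return {
        "lan_to_lan_at_hq": classify("10.1.0.5", "10.2.0.5", hq, [dubai]),
        "lan_to_lan_at_dubai": classify("10.1.0.5", "10.2.0.5", dubai, [hq]),
        "sms_to_branch_ok": classify(sms, "10.2.0.5", hq, [dubai]),
        "sms_to_branch_topo": classify(sms, "10.2.0.5", hq_topo, [dubai]),
        "sms_clear_at_dubai_topo": classify(sms, "10.2.0.5", dubai, [hq_topo]),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:24} {v}")
```

Run it and compare the two HQ variants: with the management subnet outside HQ-FW's domain, SMS traffic stays clear on both sides; once any member's domain covers it, the sending side encrypts and the receiving side drops the same flow if it ever arrives in the clear. Feeding your real domain definitions into `domain_overlaps` and `management_in_domain` is the check I would run first.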