Hello!
We are having performance issues with a VPN tunnel solution up to Azure.
So we thought about setting another tunnel up so we can lab / troubleshoot on a designated test network.
Weirdly enough, when the new tunnel was set up (route based), we saw an SA negotiated between one random on-prem network and one random Azure network.
This affected production traffic.
What's even weirder is that when I issued netstat -arn as well as show route in Gaia, there were no routes pointing to the new VPNT interface, nor had BGP come up.
BGP is strictly configured with export and import route maps as well, but the neighborship was never formed, nor any routes installed.
I will look into this more tomorrow, but from my understanding, the same VNG was used on the Azure end.
So my question is: if the Azure VNG initiated an SA between on-prem network A and Azure network B, would Check Point accept that?
In the VPN Community, we have set up One VPN Tunnel per GW; it's also a separate VPN Community from the other tunnel.
The VPN Domains on both ends have been set to empty groups.
Has anyone seen anything similar?
Can anyone explain how these SAs even formed without routes being in place?