This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Blason_R
Leader
Leader
‎2023-10-10 05:04 AM

VPN Routing is not working or how do I make this work?

Hi Team,

I have two tunnels VPN-A and VPN-B; both are terminated on my onprem firewall. Users from VPN-A would like to access resources from VPN-B through CheckPoint firewall.

e.g. 

VPN-A

Remote-Network 10.10.10.0/24

Local Network - 172.16.5.0/24

 

VPN-B

Remote-Network 192.168.10.0/24

Local Network 172.16.5.0/24

 

Servers from 10.10.10.0/24 would like to access 172.16.5.0/24. I tried adding subnet in encryption domain but this is not happening.

Any other clue?

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
0 Kudos
8 Replies
Alex-
Leader Leader
Leader
‎2023-10-10 05:14 AM

Check you have activated, in the VPN Routing tab, routing between satellites in your communities.

0 Kudos
Blason_R
Leader
Leader
‎2023-10-10 05:23 AM
In response to Alex-

Hello,

There are two different communities how do I activate it?

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
0 Kudos
K_R_V
Collaborator
‎2023-10-10 05:30 AM
In response to Blason_R

you can always modify the vpn_route.conf file on the management station to force traffic into the tunnel.

from sk26993 :

The configuration file, "vpn_route.conf", is a text file that contains the name of network objects. The format is: Destination, Next hop router, Install on Security Gateway, Force Override (optional field). Fields must be separated by tabs.

Note: Be very careful. All entries in the relevant "vpn_route.conf" must be objects that exist in the database. The names must match object names exactly.

Blason_R
Leader
Leader
‎2023-10-10 06:58 AM
In response to K_R_V

Need to check that - Since I have never have defined that.

Like which names should be kept same exactly?

Community?

Interoperable_device?

Subnet?

 

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
0 Kudos
the_rock
Legend
Legend
‎2023-10-10 07:13 AM
In response to Blason_R

Maybe below is helpful?

Andy

https://community.checkpoint.com/t5/Security-Gateways/Routing-between-VPNs/m-p/90408

the_rock
Legend
Legend
‎2023-10-10 06:42 AM

How is below cxonfigured?

Andy

 

 

 

Screenshot_1.png

0 Kudos
Blason_R
Leader
Leader
‎2023-10-10 06:55 AM
In response to the_rock

Well in my case @the_rock there are two mesh communities configured and its not star community  defined

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
0 Kudos
the_rock
Legend
Legend
‎2023-10-10 06:57 AM
In response to Blason_R

Gotcha. In that case, what @K_R_V said would make most sense, to me anyway.

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events