VPN Community Subnet exclusion

May the 4th (+4)
Roadmap Session and Use Cases for
Cloud Security, SASE, and Email Security

SASE Masters:
Deploying Harmony SASE for a 6,000-Strong Workforce
in a Single Weekend

Paradigm Shifts: Adventures Unleashed!
Capture Your Adventure for a Chance to WIN!

Join the Photo Contest!

Mastering Compliance
Unveiling the power of Compliance Blade

WATCH NOW

CPX 2024 Content
is Here!

Get What You Need

Harmony SaaS
The most advanced prevention
for SaaS-based threats

LEARN MORE

CheckMates Go:
CPX 2024 Recap

LISTEN NOW

Create a Post

Hello,

I have a configuration on which I have differents Community (R77.30 GW) and I have some overlapping subnet in the vpn encryption. the first community (community1) include 3 CKPS Gateway, each gateway have a 10.6.x.0/24 on his VPN domain (10.6.1.0/24, for the first gateway, 10.6.2.0/24 for the second, ...) and the communication work fine. I need yet add a new community (community2) to a central location (interoperable gateway - SOPHOS Firewall) and this IG present a 10.0.0.0/8 subnet in his VPN Domain and phase 2 subnet. When I define this new Community, the communication between 10.6.x.0/24 subnet stop working. I have found the 'Excluding subnets in encryption domain from accessing a specific VPN community' - sk86582, that explain the crypt.def management, but since my goal is to exclude the flow between all the 10.6.x.0/24 subnets in the new community (community2), I don't found the way in the crypt.def file to define a specific community to be sure the exclusion are only applied to the community2 ? Does somebody have an idea about this configuration ?

BRgds