Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Maciej_Maczka
Contributor

VPN Domain per VPN community

Hi,

Do you have any information about "VPN Domain per VPN community" development progress?

According to: Video Link : 6473 

Scheduled to Q3 2018.

Best Regards

MM

9 Replies
PhoneBoy
Admin
Admin

It's currently a customer-specific release.

Check with your local office.

0 Kudos
PhoneBoy
Admin
Admin

In addition to the aforementioned customer release, we are planning to add this feature to R80.30.M1.

Eric_Turner
Explorer

Any idea when the R80.30.M1 release will be available? 

0 Kudos
PhoneBoy
Admin
Admin

It will be after R80.30 goes GA, don't have an exact timeframe yet.
PhoneBoy
Admin
Admin

This is currently targeted for R80.40. EA is planned to start in the next several weeks.
0 Kudos
Daniel_Westlund
Contributor

Did this feature ever make it to R80.40 or R81?  If so, where can I find it in SmartConsole?  Thanks.

0 Kudos
PhoneBoy
Admin
Admin

It was added to R80.40 yes.
Note that gateways don't necessarily need to be updated to R80.40 to use this feature, though I don't believe it works with older SMB appliances (running R77.20.x or earlier):

Screen Shot 2021-03-23 at 8.26.53 AM.png

Marcel_Gramalla
Contributor

As already said the feature is added in R80.40 management and doesn't require the gateway to be R80.40. But keep an eye on sk170857 Using "Encryption Domain Per community" feature overrides Encryption Domain for other communities (c...

The feature is work in progress and broke some VPNs with a JHF (must have been JHF 78 I think). R&D says they are working on resolving the limitation.

Daniel_Westlund
Contributor

Thanks for the heads up.  It sounds like this feature is a no go until R&D resolves this limitation.  Looking at that SK, it strikes me as strange how CP calculates the encryption domains.  So because VPN Community A has a subnet within the network range in VPN Community B, then CP can't negotiate the entire network range for VPN Community B, but has to use the subnets that were broken up by the subnet from VPN Community A.  I would have thought that A and B didn't affect each other.  Perhaps this is why the CP VPN proposes phase 2 ranges that don't match what's defined in the encryption domain sometimes.  Well, much of the time.  My hope for this feature was that it could get us away from user.def, but that doesn't seem to be the case.