This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Nikolai_Borhart
Contributor
‎2020-09-10 12:43 AM

VPN with third Party Device and supernetting

Hello Community,

 


I have a question about VPN site-to-site between Check Point and third party devices.

My version is R80.30 Take 215.

As such, the VPN tunnel works, the peer customer complains about strange Phase2 connection attempts.

However, the source IP address is not stored on the Check Point in the VPN domain on my site.

The technician suspects subneting at the check point.

I found out the following:

ike_enable_supernet = false
ike_use_largest_possible_subnets = true
ike_p2_enable_supernet_from_R80.20 = by_global

I am not sure whether the Check Point makes a supernetting of the VPN domain networks.
Can someone tell me based on these three settings whether the check point makes a supernetting of the networks in the VPN domain?

What I also find strange is that I see via "vpn tu tlist" that my WAN VIP is trying to initiate a phase2 tunnel,
in addition to the three existing phase 2 tunnels , the tunnel does not come Up because the peer does not allow it.


Thank you for your support

0 Kudos
4 Replies
Nikolai_Borhart
Contributor
‎2020-09-11 03:49 AM
In response to G_W_Albrecht

Thanks for the answer.

I've checked it all out and I'm still unsure.

My question here is. Does the R80.30 Take 215 make summery subnetting in a VPN site-to-site between check point and third party device?

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2020-09-11 05:50 AM
In response to Nikolai_Borhart

See sk108600: VPN Site-to-Site with 3rd party: Check Point Security Gateway dynamically supernets subnets to reduce the amount of SA overhead - this happens always.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
PhoneBoy
Admin
Admin
‎2020-09-12 12:37 PM

ike_use_largest_possible_subnets = true

That’s one of the settings that controls superneting.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top