
IPSec VPNs from 2 Separate Gateways to a single Satellite Gateway

Hi,

After some advice on the best config for this scenario. 

I have a single management server managing 2 separate Checkpoint firewalls. I need to set up the following:

1) VPN from one Checkpoint firewall to a 3rd party Fortinet Satellite gateway to allow access to subnet 192.168.1.0/24

2) VPN from the other Checkpoint firewall to the same 3rd party Fortinet Satellite gateway to allow access to subnet 192.168.2.0/24

I've created an interoperable device for the Fortinet gateway and configured its encryption domain to include both the subnets above. I've then created 2 VPN communities, one for each CheckPoint. The issue is that the Fortinet is not accepting the proposal as it is only expecting a single subnet to be included in each VPN community.

What's the best way to do this? Should I create 2 separate objects for the Fortinet and set different encryption domains for each of them or is there a cleaner solution?

All CP devices running 80.20 build 101

Thanks in advance 🙂

 

1 Reply
Admin

The issue is caused by supernetting most likely.
See scenario 1 here: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...