This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Jason_Hamilton
Explorer
‎2019-10-18 06:15 AM

IPSec VPN with multiple subnets

Hello,

I need some guidance on one of our IPSec tunnels. Right now it is up and running fine, but we need to add additional IP addresses on our internal net.

Current configuration:
Our internal=10.201.8.0-10.207.255.254 Their internal=10.199.101.0 /29

They have a single server at 10.199.101.2

I have a group created that we need to add to our internal. The group contains 9 static IP addresses for workstations that need to connect to 10.199.101.2. The 9 IP nodes in the group contain two different subnets (10.193.28.x addresses and 10.64.24.x addresses)

Is there a way to do this without creating a second VPN tunnel? Do we need to have all those static IP’s in the same subnet?

Thanks!

0 Kudos
2 Replies
Sal_Previtera
Collaborator
‎2019-10-18 06:56 AM

Create a network group, for example "my-VPNdoamin", add in this group all current and later created subnets.....which you are already doing....

Think in subnet terms and not in static IP terms...... the 2 subnets have to still be defined at the remote site too...

So when the tunnel negotiate is negotiated in subnets terms....not single hosts,  on both side local and remote.

Then use security policy access control to "allow" or "deny" specific hosts access with service and application.

 

Yes, you can still create the VPN  tunnel in indvidual single hosts (inside the VPN Domain group)....

but you have make sure every single host you add on your side HAS to be DEFINEDand added on the remote side too....

VPN tunnels parameters have to match exactly on both sides.....

0 Kudos
Gabriel_Support
Contributor
‎2019-10-24 10:48 AM

Jason,

I will recommend you follow the steps provided by Sal_Previtera and make use of the VPN admin guide if needed. Also you cannot create two tunnel to the same remote peer.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events