This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
H2-F1
Participant
‎2020-10-12 02:33 AM

Remote Access VPN installs large routing table

Hello Community

 

On a cluster XL, Virtual System, running R80.40, Before connecting to a VPN using endpoint security client, the routing table from the client machine looks like this

IPv4 Route Table

===========================================================================

Active Routes:

Network Destination        Netmask          Gateway       Interface  Metric

          0.0.0.0          0.0.0.0      192.168.0.1     192.168.0.25     35

        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331

        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331

  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331

      192.168.0.0    255.255.255.0         On-link      192.168.0.25    291

     192.168.0.25  255.255.255.255         On-link      192.168.0.25    291

    192.168.0.255  255.255.255.255         On-link      192.168.0.25    291

        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331

        224.0.0.0        240.0.0.0         On-link      192.168.0.25    291

  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331

  255.255.255.255  255.255.255.255         On-link      192.168.0.25    291

===========================================================================

Persistent Routes:

  None

The Encryption domain on the Remote-Access VPN is a single /24 network (10.254.0.0 255.255.255.0).

When connecting to the VPN the client routing table changes to the following

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.25 35
0.0.0.0 248.0.0.0 10.254.17.10 10.254.17.9 1
8.0.0.0 254.0.0.0 10.254.17.10 10.254.17.9 1
10.0.0.0 255.240.0.0 10.254.17.10 10.254.17.9 1
10.16.0.0 255.248.0.0 10.254.17.10 10.254.17.9 1
10.24.0.0 255.255.192.0 10.254.17.10 10.254.17.9 1
10.24.64.0 255.255.240.0 10.254.17.10 10.254.17.9 1
10.24.80.0 255.255.248.0 10.254.17.10 10.254.17.9 1
10.24.88.0 255.255.255.192 10.254.17.10 10.254.17.9 1
10.24.88.64 255.255.255.255 10.254.17.10 10.254.17.9 1
10.24.88.66 255.255.255.254 10.254.17.10 10.254.17.9 1
10.24.88.68 255.255.255.252 10.254.17.10 10.254.17.9 1
10.24.88.72 255.255.255.248 10.254.17.10 10.254.17.9 1
10.24.88.80 255.255.255.240 10.254.17.10 10.254.17.9 1
10.24.88.96 255.255.255.224 10.254.17.10 10.254.17.9 1
10.24.88.128 255.255.255.128 10.254.17.10 10.254.17.9 1
10.24.89.0 255.255.255.128 10.254.17.10 10.254.17.9 1
10.24.89.160 255.255.255.224 10.254.17.10 10.254.17.9 1
10.24.89.192 255.255.255.192 10.254.17.10 10.254.17.9 1
10.24.90.0 255.255.254.0 10.254.17.10 10.254.17.9 1
10.24.92.0 255.255.252.0 10.254.17.10 10.254.17.9 1
10.24.96.0 255.255.248.0 10.254.17.10 10.254.17.9 1
10.24.104.0 255.255.252.0 10.254.17.10 10.254.17.9 1
10.24.108.0 255.255.254.0 10.254.17.10 10.254.17.9 1
10.24.110.0 255.255.255.0 10.254.17.10 10.254.17.9 1
10.24.111.0 255.255.255.128 10.254.17.10 10.254.17.9 1
10.24.111.128 255.255.255.192 10.254.17.10 10.254.17.9 1
10.24.111.192 255.255.255.224 10.254.17.10 10.254.17.9 1
10.24.111.224 255.255.255.248 10.254.17.10 10.254.17.9 1
10.24.111.232 255.255.255.255 10.254.17.10 10.254.17.9 1
10.24.111.234 255.255.255.254 10.254.17.10 10.254.17.9 1
10.24.111.236 255.255.255.252 10.254.17.10 10.254.17.9 1
10.24.111.240 255.255.255.240 10.254.17.10 10.254.17.9 1
10.24.112.0 255.255.240.0 10.254.17.10 10.254.17.9 1
10.24.128.0 255.255.128.0 10.254.17.10 10.254.17.9 1
10.25.0.0 255.255.0.0 10.254.17.10 10.254.17.9 1
10.26.0.0 255.254.0.0 10.254.17.10 10.254.17.9 1
10.28.0.0 255.252.0.0 10.254.17.10 10.254.17.9 1
10.32.0.0 255.224.0.0 10.254.17.10 10.254.17.9 1
10.64.0.0 255.255.192.0 10.254.17.10 10.254.17.9 1
10.64.64.0 255.255.248.0 10.254.17.10 10.254.17.9 1
10.64.72.0 255.255.255.0 10.254.17.10 10.254.17.9 1
10.64.73.0 255.255.255.128 10.254.17.10 10.254.17.9 1
10.64.73.128 255.255.255.224 10.254.17.10 10.254.17.9 1
10.64.73.176 255.255.255.240 10.254.17.10 10.254.17.9 1
10.64.73.192 255.255.255.192 10.254.17.10 10.254.17.9 1
10.64.74.0 255.255.255.128 10.254.17.10 10.254.17.9 1
10.64.74.128 255.255.255.192 10.254.17.10 10.254.17.9 1
10.64.74.192 255.255.255.224 10.254.17.10 10.254.17.9 1
10.64.74.224 255.255.255.255 10.254.17.10 10.254.17.9 1
10.64.74.226 255.255.255.254 10.254.17.10 10.254.17.9 1
10.64.74.228 255.255.255.252 10.254.17.10 10.254.17.9 1
10.64.74.232 255.255.255.248 10.254.17.10 10.254.17.9 1
10.64.74.240 255.255.255.240 10.254.17.10 10.254.17.9 1
10.64.75.0 255.255.255.0 10.254.17.10 10.254.17.9 1
10.64.76.0 255.255.252.0 10.254.17.10 10.254.17.9 1
10.64.80.0 255.255.240.0 10.254.17.10 10.254.17.9 1
10.64.96.0 255.255.224.0 10.254.17.10 10.254.17.9 1
10.64.128.0 255.255.128.0 10.254.17.10 10.254.17.9 1
10.65.0.0 255.255.0.0 10.254.17.10 10.254.17.9 1
10.66.0.0 255.254.0.0 10.254.17.10 10.254.17.9 1
10.68.0.0 255.252.0.0 10.254.17.10 10.254.17.9 1
10.72.0.0 255.248.0.0 10.254.17.10 10.254.17.9 1
10.80.0.0 255.240.0.0 10.254.17.10 10.254.17.9 1
10.96.0.0 255.224.0.0 10.254.17.10 10.254.17.9 1
10.128.0.0 255.192.0.0 10.254.17.10 10.254.17.9 1
10.192.0.0 255.224.0.0 10.254.17.10 10.254.17.9 1
10.224.0.0 255.240.0.0 10.254.17.10 10.254.17.9 1
10.240.0.0 255.248.0.0 10.254.17.10 10.254.17.9 1
10.248.0.0 255.252.0.0 10.254.17.10 10.254.17.9 1
10.252.0.0 255.254.0.0 10.254.17.10 10.254.17.9 1
10.254.0.0 255.255.255.0 10.254.17.10 10.254.17.9 1
10.254.1.0 255.255.255.0 10.254.17.10 10.254.17.9 1
10.254.2.0 255.255.254.0 10.254.17.10 10.254.17.9 1
10.254.4.0 255.255.252.0 10.254.17.10 10.254.17.9 1
10.254.8.0 255.255.248.0 10.254.17.10 10.254.17.9 1
10.254.16.0 255.255.240.0 10.254.17.10 10.254.17.9 1
10.254.17.8 255.255.255.248 On-link 10.254.17.9 256
10.254.17.9 255.255.255.255 On-link 10.254.17.9 256
10.254.17.15 255.255.255.255 On-link 10.254.17.9 256
10.254.32.0 255.255.255.0 10.254.17.10 10.254.17.9 1
10.254.33.0 255.255.255.128 10.254.17.10 10.254.17.9 1
10.254.33.128 255.255.255.192 10.254.17.10 10.254.17.9 1
10.254.33.192 255.255.255.255 10.254.17.10 10.254.17.9 1
10.254.33.194 255.255.255.254 10.254.17.10 10.254.17.9 1
10.254.33.196 255.255.255.252 10.254.17.10 10.254.17.9 1
10.254.33.200 255.255.255.248 10.254.17.10 10.254.17.9 1
10.254.33.208 255.255.255.240 10.254.17.10 10.254.17.9 1
10.254.33.224 255.255.255.224 10.254.17.10 10.254.17.9 1
10.254.34.0 255.255.254.0 10.254.17.10 10.254.17.9 1
10.254.36.0 255.255.252.0 10.254.17.10 10.254.17.9 1
10.254.40.0 255.255.248.0 10.254.17.10 10.254.17.9 1
10.254.48.0 255.255.240.0 10.254.17.10 10.254.17.9 1
10.254.64.0 255.255.192.0 10.254.17.10 10.254.17.9 1
10.254.128.0 255.255.192.0 10.254.17.10 10.254.17.9 1
10.254.192.0 255.255.224.0 10.254.17.10 10.254.17.9 1
10.254.224.0 255.255.240.0 10.254.17.10 10.254.17.9 1
10.254.240.0 255.255.248.0 10.254.17.10 10.254.17.9 1
10.254.248.0 255.255.252.0 10.254.17.10 10.254.17.9 1
10.254.252.0 255.255.254.0 10.254.17.10 10.254.17.9 1
10.254.254.0 255.255.255.0 10.254.17.10 10.254.17.9 1
10.254.255.0 255.255.255.248 10.254.17.10 10.254.17.9 1
10.254.255.8 255.255.255.254 10.254.17.10 10.254.17.9 1
10.254.255.11 255.255.255.255 10.254.17.10 10.254.17.9 1
10.254.255.12 255.255.255.254 10.254.17.10 10.254.17.9 1
10.254.255.15 255.255.255.255 10.254.17.10 10.254.17.9 1
10.254.255.16 255.255.255.240 10.254.17.10 10.254.17.9 1
10.254.255.32 255.255.255.224 10.254.17.10 10.254.17.9 1
10.254.255.64 255.255.255.192 10.254.17.10 10.254.17.9 1
10.254.255.128 255.255.255.128 10.254.17.10 10.254.17.9 1
10.255.2.32 255.255.255.224 10.254.17.10 10.254.17.9 1
10.255.2.64 255.255.255.192 10.254.17.10 10.254.17.9 1
10.255.2.128 255.255.255.128 10.254.17.10 10.254.17.9 1
10.255.3.32 255.255.255.224 10.254.17.10 10.254.17.9 1
10.255.3.64 255.255.255.192 10.254.17.10 10.254.17.9 1
10.255.3.128 255.255.255.128 10.254.17.10 10.254.17.9 1
10.255.4.32 255.255.255.224 10.254.17.10 10.254.17.9 1
10.255.4.64 255.255.255.192 10.254.17.10 10.254.17.9 1
10.255.4.128 255.255.255.128 10.254.17.10 10.254.17.9 1
10.255.5.0 255.255.255.0 10.254.17.10 10.254.17.9 1
10.255.6.32 255.255.255.224 10.254.17.10 10.254.17.9 1
10.255.6.64 255.255.255.192 10.254.17.10 10.254.17.9 1
10.255.6.128 255.255.255.128 10.254.17.10 10.254.17.9 1
10.255.7.0 255.255.255.0 10.254.17.10 10.254.17.9 1
10.255.8.64 255.255.255.192 10.254.17.10 10.254.17.9 1
10.255.8.128 255.255.255.128 10.254.17.10 10.254.17.9 1
10.255.9.0 255.255.255.0 10.254.17.10 10.254.17.9 1
10.255.10.0 255.255.254.0 10.254.17.10 10.254.17.9 1
10.255.12.0 255.255.252.0 10.254.17.10 10.254.17.9 1
10.255.16.0 255.255.240.0 10.254.17.10 10.254.17.9 1
10.255.32.0 255.255.224.0 10.254.17.10 10.254.17.9 1
10.255.64.0 255.255.192.0 10.254.17.10 10.254.17.9 1
10.255.128.0 255.255.254.0 10.254.17.10 10.254.17.9 1
10.255.130.0 255.255.254.0 10.254.17.10 10.254.17.9 1
10.255.132.0 255.255.252.0 10.254.17.10 10.254.17.9 1
10.255.136.0 255.255.248.0 10.254.17.10 10.254.17.9 1
10.255.144.0 255.255.240.0 10.254.17.10 10.254.17.9 1
10.255.160.0 255.255.224.0 10.254.17.10 10.254.17.9 1
10.255.192.0 255.255.224.0 10.254.17.10 10.254.17.9 1
10.255.224.0 255.255.240.0 10.254.17.10 10.254.17.9 1
10.255.240.0 255.255.248.0 10.254.17.10 10.254.17.9 1
10.255.248.0 255.255.252.0 10.254.17.10 10.254.17.9 1
10.255.252.0 255.255.254.0 10.254.17.10 10.254.17.9 1
10.255.254.0 255.255.255.0 10.254.17.10 10.254.17.9 1
10.255.255.0 255.255.255.248 10.254.17.10 10.254.17.9 1
10.255.255.12 255.255.255.252 10.254.17.10 10.254.17.9 1
10.255.255.16 255.255.255.248 10.254.17.10 10.254.17.9 1
10.255.255.24 255.255.255.254 10.254.17.10 10.254.17.9 1
10.255.255.27 255.255.255.255 10.254.17.10 10.254.17.9 1
10.255.255.28 255.255.255.252 10.254.17.10 10.254.17.9 1
10.255.255.32 255.255.255.252 10.254.17.10 10.254.17.9 1
10.255.255.36 255.255.255.254 10.254.17.10 10.254.17.9 1
10.255.255.39 255.255.255.255 10.254.17.10 10.254.17.9 1
10.255.255.40 255.255.255.248 10.254.17.10 10.254.17.9 1
10.255.255.48 255.255.255.240 10.254.17.10 10.254.17.9 1
10.255.255.64 255.255.255.192 10.254.17.10 10.254.17.9 1
10.255.255.128 255.255.255.252 10.254.17.10 10.254.17.9 1
10.255.255.133 255.255.255.255 10.254.17.10 10.254.17.9 1
10.255.255.134 255.255.255.254 10.254.17.10 10.254.17.9 1
10.255.255.136 255.255.255.248 10.254.17.10 10.254.17.9 1
10.255.255.144 255.255.255.254 10.254.17.10 10.254.17.9 1
10.255.255.147 255.255.255.255 10.254.17.10 10.254.17.9 1
10.255.255.148 255.255.255.255 10.254.17.10 10.254.17.9 1
10.255.255.150 255.255.255.254 10.254.17.10 10.254.17.9 1
10.255.255.152 255.255.255.248 10.254.17.10 10.254.17.9 1
10.255.255.160 255.255.255.224 10.254.17.10 10.254.17.9 1
10.255.255.192 255.255.255.192 10.254.17.10 10.254.17.9 1
11.0.0.0 255.0.0.0 10.254.17.10 10.254.17.9 1
12.0.0.0 252.0.0.0 10.254.17.10 10.254.17.9 1
16.0.0.0 240.0.0.0 10.254.17.10 10.254.17.9 1
32.0.0.0 224.0.0.0 10.254.17.10 10.254.17.9 1
64.0.0.0 240.0.0.0 10.254.17.10 10.254.17.9 1
80.0.0.0 254.0.0.0 10.254.17.10 10.254.17.9 1
82.0.0.0 255.0.0.0 10.254.17.10 10.254.17.9 1
83.0.0.0 255.128.0.0 10.254.17.10 10.254.17.9 1
83.xxx.0.0 255.192.0.0 10.254.17.10 10.254.17.9 1
83.xxx.0.0 255.224.0.0 10.254.17.10 10.254.17.9 1
83.xxx.0.0 255.252.0.0 10.254.17.10 10.254.17.9 1
83.xxx.0.0 255.254.0.0 10.254.17.10 10.254.17.9 1
83.xxx.0.0 255.255.0.0 10.254.17.10 10.254.17.9 1
83.xxx.0.0 255.255.128.0 10.254.17.10 10.254.17.9 1
83.xxx.xxx.z 255.255.224.0 10.254.17.10 10.254.17.9 1
83.xxx.xxx.z 255.255.240.0 10.254.17.10 10.254.17.9 1
83.xxx.xxx.z 255.255.248.0 10.254.17.10 10.254.17.9 1
83.xxx.xxx.z 255.255.252.0 10.254.17.10 10.254.17.9 1
83.xxx.xxx.z 255.255.255.254 10.254.17.10 10.254.17.9 1
83.xxx.xxx.z 255.255.255.255 10.254.17.10 10.254.17.9 1
83.xxx.xxx.z 255.255.255.254 10.254.17.10 10.254.17.9 1
83.xxx.xxx.z 255.255.255.255 10.254.17.10 10.254.17.9 1
83.xxx.xxx.z 255.255.255.252 10.254.17.10 10.254.17.9 1
83.xxx.xxx.z 255.255.255.254 10.254.17.10 10.254.17.9 1
83.xxx.xxx.z 255.255.255.255 10.254.17.10 10.254.17.9 1
83.xxx.xxx.z 255.255.255.240 10.254.17.10 10.254.17.9 1
83.xxx.xxx.z 255.255.255.224 10.254.17.10 10.254.17.9 1
83.xxx.xxx.z 255.255.255.192 10.254.17.10 10.254.17.9 1
83.xxx.xxx.z 255.255.255.128 10.254.17.10 10.254.17.9 1
83.xxx.xxx.0 255.255.255.0 10.254.17.10 10.254.17.9 1
83.xxx.xxx.0 255.255.254.0 10.254.17.10 10.254.17.9 1
83.xxx.xxx.0 255.255.192.0 10.254.17.10 10.254.17.9 1
83.xxx.0.0 255.248.0.0 10.254.17.10 10.254.17.9 1
83.xxx.0.0 255.240.0.0 10.254.17.10 10.254.17.9 1
84.0.0.0 252.0.0.0 10.254.17.10 10.254.17.9 1
88.0.0.0 248.0.0.0 10.254.17.10 10.254.17.9 1
96.0.0.0 224.0.0.0 10.254.17.10 10.254.17.9 1
127.0.0.0 255.0.0.0 On-link 127.0.0.1 331
127.0.0.0 255.128.0.0 10.254.17.10 10.254.17.9 1
127.0.0.1 255.255.255.255 On-link 127.0.0.1 331
127.0.0.1 255.255.255.255 10.254.17.10 10.254.17.9 1
127.128.0.0 255.128.0.0 10.254.17.10 10.254.17.9 1
127.255.255.255 255.255.255.255 On-link 127.0.0.1 331
127.255.255.255 255.255.255.255 10.254.17.10 10.254.17.9 1
128.0.0.0 192.0.0.0 10.254.17.10 10.254.17.9 1
192.0.0.0 255.128.0.0 10.254.17.10 10.254.17.9 1
192.128.0.0 255.224.0.0 10.254.17.10 10.254.17.9 1
192.160.0.0 255.248.0.0 10.254.17.10 10.254.17.9 1
192.168.0.0 255.255.128.0 10.254.17.10 10.254.17.9 1
192.168.0.0 255.255.255.0 On-link 192.168.0.25 291
192.168.0.0 255.255.255.128 10.254.17.10 10.254.17.9 1
192.168.0.25 255.255.255.255 On-link 192.168.0.25 292
192.168.0.25 255.255.255.255 10.254.17.10 10.254.17.9 1
192.168.0.128 255.255.255.128 10.254.17.10 10.254.17.9 1
192.168.0.255 255.255.255.255 On-link 192.168.0.25 292
192.168.0.255 255.255.255.255 10.254.17.10 10.254.17.9 1
192.168.128.0 255.255.192.0 10.254.17.10 10.254.17.9 1
192.168.192.0 255.255.252.0 10.254.17.10 10.254.17.9 1
192.168.196.0 255.255.255.255 10.254.17.10 10.254.17.9 1
192.168.196.3 255.255.255.255 10.254.17.10 10.254.17.9 1
192.168.196.4 255.255.255.252 10.254.17.10 10.254.17.9 1
192.168.196.8 255.255.255.248 10.254.17.10 10.254.17.9 1
192.168.196.16 255.255.255.255 10.254.17.10 10.254.17.9 1
192.168.196.19 255.255.255.255 10.254.17.10 10.254.17.9 1
192.168.196.20 255.255.255.252 10.254.17.10 10.254.17.9 1
192.168.196.24 255.255.255.248 10.254.17.10 10.254.17.9 1
192.168.196.32 255.255.255.255 10.254.17.10 10.254.17.9 1
192.168.196.35 255.255.255.255 10.254.17.10 10.254.17.9 1
192.168.196.36 255.255.255.252 10.254.17.10 10.254.17.9 1
192.168.196.40 255.255.255.248 10.254.17.10 10.254.17.9 1
192.168.196.48 255.255.255.255 10.254.17.10 10.254.17.9 1
192.168.196.51 255.255.255.255 10.254.17.10 10.254.17.9 1
192.168.196.52 255.255.255.252 10.254.17.10 10.254.17.9 1
192.168.196.56 255.255.255.248 10.254.17.10 10.254.17.9 1
192.168.196.64 255.255.255.255 10.254.17.10 10.254.17.9 1
192.168.196.67 255.255.255.255 10.254.17.10 10.254.17.9 1
192.168.196.68 255.255.255.252 10.254.17.10 10.254.17.9 1
192.168.196.72 255.255.255.248 10.254.17.10 10.254.17.9 1
192.168.196.80 255.255.255.255 10.254.17.10 10.254.17.9 1
192.168.196.83 255.255.255.255 10.254.17.10 10.254.17.9 1
192.168.196.84 255.255.255.252 10.254.17.10 10.254.17.9 1
192.168.196.88 255.255.255.248 10.254.17.10 10.254.17.9 1
192.168.196.96 255.255.255.255 10.254.17.10 10.254.17.9 1
192.168.196.99 255.255.255.255 10.254.17.10 10.254.17.9 1
192.168.196.100 255.255.255.252 10.254.17.10 10.254.17.9 1
192.168.196.104 255.255.255.248 10.254.17.10 10.254.17.9 1
192.168.196.112 255.255.255.255 10.254.17.10 10.254.17.9 1
192.168.196.115 255.255.255.255 10.254.17.10 10.254.17.9 1
192.168.196.116 255.255.255.252 10.254.17.10 10.254.17.9 1
192.168.196.120 255.255.255.248 10.254.17.10 10.254.17.9 1
192.168.196.128 255.255.255.128 10.254.17.10 10.254.17.9 1
192.168.197.0 255.255.255.0 10.254.17.10 10.254.17.9 1
192.168.198.0 255.255.254.0 10.254.17.10 10.254.17.9 1
192.168.200.0 255.255.248.0 10.254.17.10 10.254.17.9 1
192.168.208.0 255.255.240.0 10.254.17.10 10.254.17.9 1
192.168.224.0 255.255.224.0 10.254.17.10 10.254.17.9 1
192.169.0.0 255.255.0.0 10.254.17.10 10.254.17.9 1
192.170.0.0 255.254.0.0 10.254.17.10 10.254.17.9 1
192.172.0.0 255.252.0.0 10.254.17.10 10.254.17.9 1
192.176.0.0 255.240.0.0 10.254.17.10 10.254.17.9 1
192.192.0.0 255.192.0.0 10.254.17.10 10.254.17.9 1
193.0.0.0 255.0.0.0 10.254.17.10 10.254.17.9 1
194.0.0.0 254.0.0.0 10.254.17.10 10.254.17.9 1
196.0.0.0 252.0.0.0 10.254.17.10 10.254.17.9 1
200.0.0.0 252.0.0.0 10.254.17.10 10.254.17.9 1
204.0.0.0 255.128.0.0 10.254.17.10 10.254.17.9 1
204.xxx.0.0 255.248.0.0 10.254.17.10 10.254.17.9 1
204.xxx.0.0 255.252.0.0 10.254.17.10 10.254.17.9 1
204.xxx.0.0 255.255.0.0 10.254.17.10 10.254.17.9 1
204.xxx.0.0 255.255.128.0 10.254.17.10 10.254.17.9 1
204.xxx.xxx.z 255.255.192.0 10.254.17.10 10.254.17.9 1
204.xxx.xxx.z 255.255.224.0 10.254.17.10 10.254.17.9 1
204.xxx.xxx.z 255.255.252.0 10.254.17.10 10.254.17.9 1
204.xxx.xxx.z 255.255.255.252 10.254.17.10 10.254.17.9 1
204.xxx.xxx.z 255.255.255.255 10.254.17.10 10.254.17.9 1
204.xxx.xxx.z 255.255.255.254 10.254.17.10 10.254.17.9 1
204.xxx.xxx.z 255.255.255.248 10.254.17.10 10.254.17.9 1
204.xxx.xxx.z 255.255.255.240 10.254.17.10 10.254.17.9 1
204.xxx.xxx.z 255.255.255.224 10.254.17.10 10.254.17.9 1
204.xxx.xxx.z 255.255.255.192 10.254.17.10 10.254.17.9 1
204.xxx.xxx.z 255.255.255.128 10.254.17.10 10.254.17.9 1
204.xxx.xxx.0 255.255.255.0 10.254.17.10 10.254.17.9 1
204.xxx.xxx.0 255.255.254.0 10.254.17.10 10.254.17.9 1
204.xxx.xxx.0 255.255.248.0 10.254.17.10 10.254.17.9 1
204.xxx.xxx.0 255.255.240.0 10.254.17.10 10.254.17.9 1
204.xxx.0.0 255.254.0.0 10.254.17.10 10.254.17.9 1
204.xxx.0.0 255.240.0.0 10.254.17.10 10.254.17.9 1
204.xxx.0.0 255.224.0.0 10.254.17.10 10.254.17.9 1
204.xxx.0.0 255.192.0.0 10.254.17.10 10.254.17.9 1
205.0.0.0 255.0.0.0 10.254.17.10 10.254.17.9 1
206.0.0.0 254.0.0.0 10.254.17.10 10.254.17.9 1
208.0.0.0 240.0.0.0 10.254.17.10 10.254.17.9 1
224.0.0.0 224.0.0.0 10.254.17.10 10.254.17.9 1
224.0.0.0 240.0.0.0 On-link 127.0.0.1 331
224.0.0.0 240.0.0.0 On-link 192.168.0.25 291
224.0.0.0 240.0.0.0 On-link 10.254.17.9 256
224.0.0.0 248.0.0.0 10.254.17.10 10.254.17.9 1
232.0.0.0 248.0.0.0 10.254.17.10 10.254.17.9 1
255.255.255.255 255.255.255.255 On-link 127.0.0.1 331
255.255.255.255 255.255.255.255 On-link 192.168.0.25 291
255.255.255.255 255.255.255.255 On-link 10.254.17.9 256
===========================================================================
Persistent Routes:
None

Tried this on 2 different machines, rebooted each node as well as delete and recreated the VPN site on the client machine to no avail. Thought I'd ask the community before raising this with TAC.

0 Kudos
6 Replies
chipone
Explorer
‎2020-10-12 03:01 AM

This is normal for a remote VPN client, routes are injected into the clients routing table with any routes the gateway knows about. I bet you have split tunnelling enabled on the VPN client.

To overcome this is to disable spit tunnel so basically all traffic goes to the CP gateway and have only one default route, some companies insist that you disable split tunnelling as its seen as a security risk as you can't monitor web browsing etc, the downside is that it add additional overhead to the VPN tunnel and any local network resources i.e. printers won't work.

 

0 Kudos
H2-F1
Participant
‎2020-10-12 03:39 PM
In response to chipone

When I compare the routing table on the gateway to the client's there is a significant difference, see below gateway routing table.

B 0.0.0.0/0 via 204.xxx.xxx.1, wrp128, cost None, age 51799
S 10.xxx.0.0/24 via 10.xxx.xxx.9, eth3.15, cost 0, age 53310
B 10.xxx.1.0/24 via 10.xxx.xxx.9, eth3.15, cost None, age 51794
B 10.xxx.2.0/27 via 10.xxx.xxx.9, eth3.15, cost None, age 51794
B 10.xxx.3.0/24 via 10.xxx.xxx.9, eth3.15, cost None, age 51794
B 10.xxx.4.0/27 via 10.xxx.xxx.9, eth3.15, cost None, age 51794
B 10.xxx.4.248/29 via 10.xxx.xxx.9, eth3.15, cost None, age 51794
B 10.xxx.5.0/27 via 10.xxx.xxx.9, eth3.15, cost None, age 51794
B 10.xxx.6.0/27 via 10.xxx.xxx.9, eth3.15, cost None, age 51794
B 10.xxx.32.0/24 via 10.xxx.xxx.13, eth3.16, cost None, age 51790
B 10.xxx.33.0/27 via 10.xxx.xxx.13, eth3.16, cost None, age 51790
B 10.xxx.33.32/27 via 10.xxx.xxx.13, eth3.16, cost None, age 51790
B 10.xxx.33.64/26 via 10.xxx.xxx.13, eth3.16, cost None, age 51790
C 10.xxx.33.192/26 is directly connected, eth3.3
B 10.xxx.62.192/26 via 10.xxx.xxx.9, eth3.15, cost None, age 51794
B 10.xxx.64.0/26 via 10.xxx.xxx.9, eth3.15, cost None, age 51794
B 10.xxx.64.64/26 via 10.xxx.xxx.9, eth3.15, cost None, age 51794
B 10.xxx.64.128/26 via 10.xxx.xxx.9, eth3.15, cost None, age 51794
B 10.xxx.64.192/26 via 10.xxx.xxx.9, eth3.15, cost None, age 51794
B 10.xxx.65.0/26 via 10.xxx.xxx.9, eth3.15, cost None, age 51794
B 10.xxx.65.64/26 via 10.xxx.xxx.9, eth3.15, cost None, age 51794
B 10.xxx.65.128/26 via 10.xxx.xxx.9, eth3.15, cost None, age 51794
B 10.xxx.254.6/32 via 10.xxx.xxx.13, eth3.16, cost None, age 51790
B 10.xxx.255.0/30 via 10.xxx.xxx.13, eth3.16, cost None, age 51790
C 10.xxx.255.8/30 is directly connected, eth3.15
C 10.xxx.255.12/30 is directly connected, eth3.16
B 10.xxx.255.32/30 via 10.xxx.xxx.13, eth3.16, cost None, age 51790
B 10.xxx.255.44/30 via 10.xxx.xxx.13, eth3.16, cost None, age 51790
B 10.xxx.255.168/30 via 10.xxx.xxx.13, eth3.16, cost None, age 51790
S 10.zzz.0.0/16 via 10.xxx.xxx.13, eth3.16, cost 0, age 53310
S 10.zzz.32.11/32 via 10.xxx.xxx.13, eth3.16, cost 0, age 53310
B 10.zzz.255.44/30 via 10.xxx.xxx.9, eth3.15, cost None, age 51794
C 127.0.0.0/8 is directly connected, lo
B 120.xxx.xxx.180/30 via 204.xxx.xxx.z, wrp128, cost None, age 51799
B 167.xxx.xxx.128/30 via 204.xxx.xxx.z, wrp128, cost None, age 51796
B 204.xxx.xxx.z/24 via 204.xxx.xxx.z, wrp128, cost None, age 51799
C 204.xxx.xxx.z/28 is directly connected, wrp128

The client's routing table if far larger. Any ideas why the disparity?

Also note that the client gets injected with 2 additional default routes with different subnet masks which aren't in the gateway's routing table. Would you know where these come from?

0 Kudos
chipone
Explorer
‎2020-10-13 12:49 AM
In response to H2-F1

The difference in size of the routing table could be that you are limiting the number of routes being published to the client.

Try checking this.

On the cluster select topology then click on the set domain for remote access community, check the VPN domain option this could have been defined and you are using a network group to define what's being advertised to the client.

 

0 Kudos
H2-F1
Participant
‎2020-10-13 01:54 AM
In response to chipone

That is correct. I am on advertising a single /24 subnet in the encryption domain, shouldn't that be the only subnet that is pushed and added to the routing table of the client?

0 Kudos
sajin
Contributor
‎2022-09-15 05:25 AM
In response to H2-F1

Hello,

I do have the similar issue. Is the issue fixed.?

0 Kudos
Hamido
Explorer
‎2022-09-15 05:37 AM
In response to sajin

Yes the issue is fixed

The solution to this issue is a 2 part reconfiguration of the system,

Part 1 deals with configuration on the Gateways that participate in the remote access community.

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

 

Part 2 deals with the client side.

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

 

This worked for me. Hope it helps you too.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    li.common.scroll-to.top