Re: Domain VPN and route VPN

Moudar · ‎2024-06-20

Hi

In S2S admin guide it says:

If I have several groups within my VPN domain used by different communities, all utilizing domain-based VPN, what will happen to those communities if I create a new community for route-based VPN and add an empty group to the VPN domain?

What does the yellow marked text mean?

796570686578 · ‎2024-06-20

In the Gateway Settings you can define an Encryption Domain that will be used by every community per default. So whenever you create a new community, this encryption domain will be used.

But since recently(like like 2 years ago or so I think?) you can define alternative encryption domains for every community in Smart Console. And this is also what you need to do for Route-Based Tunnels. So you don't change the Encryption Domain in the Gateway Object directly(this would override the encryption domain of EVERY tunnel, which you don't want) but rather in the community settings like you showed by clicking on that "pencil icon". Then you can choose to use the "default" encryption domain or a custom one only specific to this tunnel.

What does the yellow marked text mean?

It just means that for this tunnel, it will use your "custom" domain and not the default encryption domain according to the gateway settings. You don't have to worry about your other tunnels 🙂

Moudar · ‎2024-06-20

I am getting "VPN failed to resolve Gateway IP address" and it is a SMB gateway with dynamic IP

I have configured VTI on both sides, bot when trying to ping I get this: "VPN failed to resolve Gateway IP address"

PhoneBoy · ‎2024-06-20

How are the Link Selection settings set in the relevant gateway objects?
Is this related to IPv6?
See: https://support.checkpoint.com/results/sk/sk132332

Are you a member of CheckMates?

Domain VPN and route VPN