VPN and SmartLSM doesn't work
Hi there,
I'm trying in my lab to create a VPN between a CheckPoint Gateway and several 1570R managed by SmartProvisioning.
Every SMB is connected to a SmartProvisioning of a CMA in my MDS and uses a cellular interface to reach my network.
The CheckPoint Gateway is managed by the same CMA.
I followed the SmartProvisioning Admin Guide, but I see only some tunnel_test packets and no other traffic.
I don't have any route to the EncryptionDomain in the CheckPoint Gateway even if I try to use a permanent tunnel.
The EncryptionDomain of the Gateway is configured with a group containing a subnet.
The EncryptionDomain on the SmartLSM Gateway is configured Manual (on the Topology page) with a range of IPs that are used as NAT.
Traffic coming to the Gateway from its EncryptionDomain is dropped as:
# fw ctl zdebug + drop | grep 20.20.20.100
@;389050;[vs_0];[tid_0];[fw4_0];fw_log_drop_ex: Packet proto=1 20.20.20.100:1 -> 10.10.10.9:0 dropped by fw_log_ip_routing_failure Reason: IP routing failed (ipout routing failure);
Can someone help me?
Regards
M
Run command -> ip r g 20.20.20.100 and see the path it's taking. Confirm first it is correct and if so, we can run fw monitor to verify.
#ip r g 20.20.20.10
20.20.20.100 via 10.176.2.200 dev eth1 src 10.176.2.90 cache
#ip r g 10.10.10.9
RTNETLINK answers: Network is unreachable
20.20.20.100 is on the Gateway side, 10.10.10.9 is on the SMB.
Traffic needs to start from 20.20.20.100 to 10.10.10.9.
Can you draw a simple diagram showing how this is configured and what's supposed to access what on the other side? Even a basic paint diagram would help :-)
Cheers.
Andy
We need to find out WHY that IP shows unreachable, that's the key here.
Hi the_rock,
The main issue seems to be that no routes are present on the Gateway and on the SMB. I see tunnel_test from the SMB to the Gateway but the VPN is marked as down.