Re: Help with Meshed VPN Community and Routing

Chris27 · ‎2023-12-12

Hi,

We have two sites (site A and site B) that are linked via a meshed checkpoint community.

Site A has a Juniper site to site VPN which links to out main corporate network. From there we have dedicated links to azure and AWS.

Site A can get access to the AWS/Azure stuff fine as we have a static route pointing the traffic at the SRX.

Site B can't access anything in our AWS/Azure and keeps trying to send it via the internet as the addressing stars with 100.x.x.x

I have tried static routes on the sites B checkpoint but when viewing the logs it is not trying to take the VPN at all.

Any tips would be appreciated as this is an inherited checkpoint that we don't normally deal with.

Thanks

PhoneBoy · ‎2023-12-14

Version/JHF?
Is this Route-based VPN (using VTIs) or Domain?
Do you manage Site B or is it managed by a third party?

Chris27 · ‎2023-12-15

Version 80.40 on both.

It looks like VPN Domain/Communities?

We are managing both sites now.

JoSec · ‎2023-12-15

If you are utilizing a Domain Based VPN, interesting traffic will be defined in your VPN domain object applied to your Checkpoint gateway which you will have to include the IP addresses, subnets, etc,. to make sure the traffic is tunneled via the site to site VPN. You will also have to have your VPN community defined, the appropriate rule to allow the traffic and define in the same rule what VPN community to utilize.

Are you a member of CheckMates?

Help with Meshed VPN Community and Routing