This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have one, create one now for free!
Adity12
Contributor
‎2022-05-19 06:06 PM

How to make vpn gateway have capability to foward another traffic vpn

Hi All,

Have a good days.

 

I have some issue with my environment lab, currently i set my lab to deploy IPsec VPN site to site.

i have done create 3 site, and planning from site 1 can access site 2, but for site 3, site 1 must through site 2 firstly and then from site 2 directly site 3.

 

For now site 1 is able to communicate to site 2, all traffic will encrypted. but for site 2 to site 3 still have issue, even in the explicit policy for vpn traffic only, i get noticed the traffic still pass from FW not VPN.

 

Maybe i lost or missing setting, if anyone has successfully for this setup, can you tell me.

Where is  the part / config i've missing or wrong?

 

Thanks Regards

Dio Aditya Pradana

0 Kudos
3 Replies
G_W_Albrecht
Legend
Legend
‎2022-05-19 11:37 PM

Why this crippled configuration ? Use Mashed Encryption Domain VPN !

CCSE CCTE SMB Specialist
0 Kudos
Wolfgang
Mentor
Mentor
‎2022-05-19 11:47 PM

@Adity12 as  @G_W_Albrecht wrote keep it simple as possible.

Another solution will be use a star community with the gateway of site 2 as center and the others as satellites. Additional you have to enable VPN routing to get the traffic routed from site 1 to site 3 via site 2.

Screenshot 2022-05-20 084416.png

0 Kudos
G_W_Albrecht
Legend
Legend
‎2022-05-20 12:23 AM

Basic Site to Site VPN Configuration

CCSE CCTE SMB Specialist
0 Kudos