This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
David_Herselman
Advisor
‎2020-08-02 04:21 AM
Jump to solution

Originate an iBGP network for VPN pool?

Hi,

 

We're happily using Check Point VPN by allocating IPs from a network object, lets say 192.168.50.0/24. We have BGP peering with another network that doesn't use us as a default gateway and need to subsequently originate the VPN pool subnet.

 

Loading a black hole route however results in all traffic being rejected, presumably due to the stack running packets through the routing stack prior to inspection?

Loading a static route and pointing it at the loopback adapter however also doesn't work.

There also doesn't appear to be a bgp 'network' command whereby I could advertise a prefix without having the prefix in my routing table.

 

How do I proceed with this?

 

Regards

David Herselman

0 Kudos
1 Solution

Accepted Solutions
Chris_Atkinson
Employee Employee
Employee
‎2020-08-02 09:52 PM
Jump to solution

I've seen other environments where they achieved similar by routing the subnet out the external interface which is ultimately the origin interface for the VPN connections.

sk165333 provides scenarios relevant to NAT pools but the traffic may be handled differently (in the case of VPN) hence in R81 we have:

"IPv4 NAT-pool routes - Configuring and redistributing NAT-pool routes to routing protocols."

CCSM R77/R80/ELITE

View solution in original post

2 Replies
Chris_Atkinson
Employee Employee
Employee
‎2020-08-02 09:52 PM
Jump to solution

I've seen other environments where they achieved similar by routing the subnet out the external interface which is ultimately the origin interface for the VPN connections.

sk165333 provides scenarios relevant to NAT pools but the traffic may be handled differently (in the case of VPN) hence in R81 we have:

"IPv4 NAT-pool routes - Configuring and redistributing NAT-pool routes to routing protocols."

CCSM R77/R80/ELITE
David_Herselman
Advisor
‎2020-08-03 04:38 PM
In response to Chris_Atkinson
Jump to solution

Redistributing the static route whereby the gateway points upstream works perfectly.

 

Many thanks!

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events