David_Herselman
Collaborator

Originate an iBGP network for VPN pool?

Hi,

We're happily using Check Point VPN by allocating IPs from a network object, let's say 192.168.50.0/24. We have BGP peering with another network that doesn't use us as a default gateway and need to subsequently originate the VPN pool subnet.

Loading a black hole route, however, results in all traffic being rejected, presumably due to the stack running packets through the routing stack prior to inspection?

Loading a static route and pointing it at the loopback adapter, however, also doesn't work.

There also doesn't appear to be a BGP 'network' command whereby I could advertise a prefix without having the prefix in my routing table.

How do I proceed with this?

Regards

David Herselman


Accepted Solutions
Chris_Atkinson
Employee

I've seen other environments where they achieved similar by routing the subnet out the external interface which is ultimately the origin interface for the VPN connections.

sk165333 provides scenarios relevant to NAT pools but the traffic may be handled differently (in the case of VPN) hence in R81 we have:

"IPv4 NAT-pool routes - Configuring and redistributing NAT-pool routes to routing protocols."


David_Herselman
Collaborator

Redistributing the static route whereby the gateway points upstream works perfectly.

Many thanks!