This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
the_rock
MVP Diamond
MVP Diamond
‎2021-02-23 12:02 PM
Jump to solution

Routing for VPN community

Hey guys,

 

I dont ever recall having to this by default, but is there any manual config you would have to do as far as routing through the VPN tunnel once community is configured on CP? I believe all this is inherited based on the community settings and there is no need to add any routes manually via web GUI, but I could be wrong.

 

tx

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
1 Solution

Accepted Solutions
JackPrendergast
Advisor
Advisor
‎2021-02-24 01:39 AM
Jump to solution

No, not usually.

 

Traffic should route over the VPN without you manually adding routes.

 

Sounds like the remote end isnt presenting all of its subnets if traffic isnt routing correctly. 

View solution in original post

10 Replies
JackPrendergast
Advisor
Advisor
‎2021-02-24 01:39 AM
Jump to solution

No, not usually.

 

Traffic should route over the VPN without you manually adding routes.

 

Sounds like the remote end isnt presenting all of its subnets if traffic isnt routing correctly. 

the_rock
MVP Diamond
MVP Diamond
‎2021-02-24 05:44 AM
In response to JackPrendergast
Jump to solution

Thats what I thought...I know sometimes they may need to be added manually for RA stuff, but otherwise, no. Thanks for confirming!

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
Kurt_Abela
Contributor
‎2021-02-24 01:18 PM
Jump to solution

Hi,

I assume this is a policy based VPN, in that case it should match the encryption domain. Are you getting any encrypt logs from smart console?

You can also run 'vpn tu tlist' on the gateway to check the SAs and TSs

the_rock
MVP Diamond
MVP Diamond
‎2021-02-24 01:36 PM
In response to Kurt_Abela
Jump to solution

Yes, correct, its policy based.

 

Andy

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
Kurt_Abela
Contributor
‎2021-02-24 01:38 PM
In response to the_rock
Jump to solution

So there is no need for routes to be defined as long as the encryption domain is correct.

 

Kurt

the_rock
MVP Diamond
MVP Diamond
‎2021-02-24 01:43 PM
In response to Kurt_Abela
Jump to solution

Thats what I  thought.

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
JackPrendergast
Advisor
Advisor
‎2021-02-24 01:49 PM
In response to the_rock
Jump to solution

Are you having issues?

0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2021-02-24 02:42 PM
In response to JackPrendergast
Jump to solution

Not at the moment...it was something on remote side. Thanks everyone for your input, really appreciate it.

Andy

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
PhoneBoy
Admin
Admin
‎2021-02-28 10:47 AM
Jump to solution

There is a vpn_route.conf file.
Believe it applies only when using SmartLSM but it could apply in other situations also.
See: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...,

0 Kudos
Vincent_Bacher
MVP Silver
MVP Silver
‎2021-02-28 01:16 PM
In response to PhoneBoy
Jump to solution

I believe (if I am not mistaken) years ago at a customers environment we often used vpn_route.conf without SmartLSM.

We had a VPN to their hub cluster and at used vpn_route.conf to route between their spoke gateways and our gateway. 

Worked fine.

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events