the_rock
Legend

Routing for VPN community

Hey guys,

 

I don't ever recall having to do this by default, but is there any manual config you would have to do as far as routing through the VPN tunnel once community is configured on CP? I believe all this is inherited based on the community settings and there is no need to add any routes manually via web GUI, but I could be wrong.

 

tx

0 Kudos
1 Solution

Accepted Solutions
JackPrendergast
Advisor

No, not usually.

 

Traffic should route over the VPN without you manually adding routes.

 

Sounds like the remote end isn't presenting all of its subnets if traffic isn't routing correctly.


10 Replies

the_rock
Legend

That's what I thought... I know sometimes they may need to be added manually for RA stuff, but otherwise, no. Thanks for confirming!

0 Kudos
Kurt_Abela
Contributor

Hi,

I assume this is a policy-based VPN; in that case it should match the encryption domain. Are you getting any encrypt logs from SmartConsole?

You can also run 'vpn tu tlist' on the gateway to check the SAs and TSs.

the_rock
Legend

Yes, correct, it's policy-based.

 

Andy

0 Kudos
Kurt_Abela
Contributor

So there is no need for routes to be defined as long as the encryption domain is correct.

 

Kurt

the_rock
Legend

That's what I thought.

0 Kudos
JackPrendergast
Advisor

Are you having issues?

0 Kudos
the_rock
Legend

Not at the moment... it was something on the remote side. Thanks everyone for your input, really appreciate it.

Andy

0 Kudos
PhoneBoy
Admin

There is a vpn_route.conf file.
Believe it applies only when using SmartLSM but it could apply in other situations also.
See: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...,

0 Kudos
Vincent_Bacher
Advisor

I believe (if I am not mistaken) years ago at a customer's environment we often used vpn_route.conf without SmartLSM.

We had a VPN to their hub cluster and used vpn_route.conf to route between their spoke gateways and our gateway.

Worked fine.

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite
