This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
BrianD
Participant
‎2021-11-03 03:08 PM

Site-to-Site with peer gateway having multiple local LANs

One of our clients has two local area networks that need to be able to communicate to their assets in our cloud. We can get the site-to-site tunnel up and running with one P2 (domain) or peer local network. However, when we try to add a second peer domain, local network, it won't connect.

 

We've looked throughout the forums and documentation and nothing explains the steps we need to take and the right configuration to allow for multiple local subnets on the peer gateway.

 

Our R81 checkpoint has one local network (their VLAN and subnet) that the customer's gateway needs to be able to communicate to.

 

The customer's gateway has two subnets that need to be able to communicate to their assets in the VLAN within our Checkpoint.

192.168.0.0/24 and 172.16.0.0/24. They have a PFSENSE so on their side, we create two P2 proposals (one for each subnet).

 

0 Kudos
3 Replies
PhoneBoy
Admin
Admin
‎2021-11-03 06:17 PM

You create a group object with the two subnets in it, use that as the remote encryption domain for the peer gateway.

0 Kudos
BrianD
Participant
‎2021-11-03 08:09 PM
In response to PhoneBoy

Hi, PhoneBoy. Thank you for the quick response and help. I've tripled checked my P1 and P2 encryption, and timing settings. The shared secret matches and I can connect other VPN site-to-sites without issue. However, with this PFSENSE and them having two local LANS, I'm at a lost. 

I added both their subnets into a network group and used that in the peer domain but that didn't help. Is the Tunnel Management options possibly where I'm going wrong?

 

2021-11-03_22-03-54.png

0 Kudos
PhoneBoy
Admin
Admin
‎2021-11-03 09:43 PM
In response to BrianD

Guessing you want One VPN tunnel per subnet pair configured.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events