Hello @the_rock and @Duane_Toler,
Thank you very much for your feedback. Here are the details of my config and symptoms:
I configured the star community with my Check Point cluster as central gateway and the remote Fortigate as satellite gateway (the configuration is quite standard, I have tens of tunnels in this management).
The local encryption domain is configured 'According to the gateway' and the remote encryption domain is empty (we cannot configure an empty local encryption domain for now as this overrides encryption domains in other communities, as explained in sk170857).
add vpn tunnel 98 type unnumbered peer India_VPN_Gateway_NTT dev eth1-01
eth1-01 is the external interface of the cluster.
Then in SmartConsole I did 'Get Interfaces Without Topology'. I configured the cluster VIP to match the one of the interface eth1-01. The topology is configured according to mbennett1's document above.
Then I added a static route to route the remote network via the tunnel interface:
set static-route 10.144.22.16/29 nexthop gateway logical vpnt98 on
The tunnel is up in SmartView Monitor (see enclosed).
When I initiate a ping to one of the remote IP addresses, I get a timeout. In the logs in SmartConsole, I see the packet being encrypted in the community by the local gateway and then I get a reject with IKE failure and 'no response from peer'.
Do you have an idea what could be the issue?
Thank you very much in advance for your help.