This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Sergo89
Collaborator
‎2022-08-25 05:59 PM

VPN Routing

Hi Guys,

i got stuck with configuration a inter-site VPN routing. I have CheckPoint in the center and some Cisco devices in the branch offices. All pairs VPNs between CP and Cisco work fine, but  i cannot reach Cisco 2 from Cisco 1. I turned on VPN Routing in Community - "To center and other satellites", encryption domains for Cisco-s ANY (it mean, send all traffic to center). Simple rule, like - "Cisco 1 to Cisco 2 -Any - Any - Accept" created.

Maybe i missed something?

thanks

 

 

0 Kudos
3 Replies
BikeMan
Contributor
‎2022-08-26 03:32 AM

Hi Sergo89,

The only case when I had this type of traffic working well was when all peers were managed within the same CMA (currently using MDM with several CMA). Even if I read it is working perfectly... but I had to edit the vpn_route.conf and I didn't want to do it.

So, what I would suggest is to define several communuties and define the vpn domain for the central peer at the community level and not at the GW level. In your case with 2 Cisco peer, you will have 2 domains.

I have never tested but if it can help.

Rgds,

 

0 Kudos
Sergo89
Collaborator
‎2022-08-26 07:05 AM
In response to BikeMan

thanks BikeMan, yeah i want to play with vpn_route.conf today. Yes i have two communities, one IKEv2 and another v1,  bunch of tunnels sitting in v1. Regarding VPN domains, yes i did (i  guess i did it properly), Net1 sitting behind Cisco1 and Net2 behind Cisco2, core/hub Checkpoint has Net3. 

it looks right for me

0 Kudos
RS_Daniel
Advisor
‎2022-08-26 07:21 AM

Hello,

From CheckPoint side it should work with the config you describe. Search on the logs with src and dst IP, if you see "vpn routing" on the action column, it is working. Check that cisco 1 networks are added on the interesting traffic configuration on cisco 2 and vice versa. It usually takes a couple minutes when you change that live, if you need inmediate verification, restart the vpn.

Regards

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events