Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
AkosBakos
Advisor
Jump to solution

VPN routing and External interfaces

Dear CheckMates

I have a simple cluster with 5+ External interfaces. This cluster has 5+ s2s VPN communities. Depends on the routing the VPN's interoperable devices are behind different external interfaces. The essence of this, this cluster has more than 5 External interfaces.
The VPNs work fine.

Until today.

I created a s2s VPN as before.

Short description:

A_GW -> my_VPN_GW
B_VPN_peer -> peerGW
B_int -> peer interoperable device
B_enc -> network behind the peer (100.X.X.X/25 - yes it begins with 100)
A_int1 -> default route (this is the default route)
A_int2 -> the VPNpeer is behind this IF (from my_VPN_GW's point of view)


The issue:

The if I initiate for eg. a ping from my_VPN_GW to a host in the B_enc, the traffic leaves on the A_int1, although the B_VPN_peer is behind A_int_2 IF.

If I create a static-route -> the traffic goes where it should.

My question would be, this is a normal behavior if the ENC_DOM is not RFC1918?

Akos

----------------
\m/_(>_<)_\m/
0 Kudos
1 Solution

Accepted Solutions
Lesley
Leader Leader
Leader

Routing is not always needed but it is documented as needed.

See

https://support.checkpoint.com/results/sk/sk180613

And https://support.checkpoint.com/results/sk/sk179485

If it is vsx or maestro check https://support.checkpoint.com/results/sk/sk160672

https://support.checkpoint.com/results/sk/sk76281

All above is based that I think this is regarding domain based tunnels

-------
If you like this post please give a thumbs up(kudo)! 🙂

View solution in original post

2 Replies
Lesley
Leader Leader
Leader

Routing is not always needed but it is documented as needed.

See

https://support.checkpoint.com/results/sk/sk180613

And https://support.checkpoint.com/results/sk/sk179485

If it is vsx or maestro check https://support.checkpoint.com/results/sk/sk160672

https://support.checkpoint.com/results/sk/sk76281

All above is based that I think this is regarding domain based tunnels

-------
If you like this post please give a thumbs up(kudo)! 🙂
the_rock
Legend
Legend

Hey bro,

I would say its normal, regardless. I actually wrote some docs about it, you can refer to below post. I know its route based tunnel to Azure, but it gives you an idea.

Hope it helps.

Andy

 

https://community.checkpoint.com/t5/Security-Gateways/Route-based-VPN-tunnel-to-Azure/m-p/206179/emc...

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events