Create a Post
Showing results for 
Search instead for 
Did you mean: 

how to connect 2 ip-Sec mesh VPNs

Goodmorning everyone

in my company the need has arisen to expose services from an IP Sec tunnel to another IP Sec tunnel on the same VSX context.

we have tried to implement a rule with relative rules of NAT that exposes on a ip belonging to the encdom of the source VPN a destination nat source with the segments related to the encdom of the destination VPN, the result is that the traffic coming from the VPN source is successfully decrypted and nattato with the ips belonging to the destination VPN but at this point the traffic despite being nattato on the IPs related to the destination VPN is not encrypted and inserted in the destination Tunnel, I had serious doubts about the operation of these rules but now I'm wondering if it's possible to implement what is required, do you have any suggestions?

0 Kudos
1 Reply


Why do you mention mesh on the post title? It looks more like a star topology. Maybe doing a proper mesh solves your issue or doing a direct VPN to the desired site.

Lookin into your issue it seems like a domain encryption issue. I had a similar case a few years back, we had to add the performed NAT to the peer's encryption domain. Would like you to provide exact information but I can't see anything on the SR that I opened to Check Point.

Hope it helps



0 Kudos