imamuzic
Participant

orig_route_params kernel table

Hello,

I would like to know what the kernel table "orig_route_params" is used for. I understand it is basically the ARP table for SecureXL, but when I open it I only see IP addresses in hex format and the IP address of one of the gateway's interfaces. How should this table be interpreted?

 

Regards,

Igor

 

0 Kudos
11 Replies
PhoneBoy
Admin

Appears to be related to SecureXL and VPN based on various SK articles.
I imagine it's a similar format to the connections table.

the_rock
Legend

You can try below and see what you get.

Andy

[Expert@CP-GW:0]# fw tab -f -t orig_route_params
Using cptfmt
Formatting table's data - this might take a while...

localhost:
Date: Jul 30, 2024
13:44:28 5 N/A 3 172.16.10.249 > N/A LogId: <max_null>; ContextNum: <max_null>; OriginSicName: <max_null>; : (+)====================================(+); Table_Name: orig_route_params; : (+); Attributes: dynamic, id 442, attributes: keep, sync, kbuf 1, expires never, , hashsize 16384, limit 10200; LastUpdateTime: 30Jul2024 13:44:28; ProductName: VPN-1 & FireWall-1; ProductFamily: Network;
[Expert@CP-GW:0]#

0 Kudos
imamuzic
Participant

Yes, but what do these IP addresses represent? In my output some of them are known IKE peers, but some of them are public IP addresses that do not exist either as objects or as log entries.

 

0 Kudos
PhoneBoy
Admin

VPN is definitely handled in SecureXL.
Check fwaccel conns output and see if there are any matches for other IPs.

0 Kudos
imamuzic
Participant

I've found only one match between SecureXL (fwaccel conns) and the "orig_route_params" table, and this is the IP address of another IKE peer. All other IP addresses found in the "orig_route_params" table are either local or remote IKE peers or public IP addresses I'm unable to relate to either Interoperable objects or Gateways.

I would conclude that these unrelatable addresses are in the table because they belong to unknown IKE endpoints attempting unsuccessful IKE negotiation with the gateway, but then how come there is no log record about this?

Without these unrelatable addresses in the table I would conclude that this table simply stores IP addresses of either local or remote locally managed Check Point IKE peers, as these are SecureXL accelerated IKE sessions, while 3rd party VPN peers' IKE sessions are handled by the IKE VPN daemon and therefore should not be seen in the "orig_route_params" table; at least I figured so from Timothy_Hall's post on a similar subject.

0 Kudos
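
The cross-check described in the post above (decode the table's hex addresses, then compare them with the gateway's own interfaces, known IKE peers and the fwaccel conns output), as an added example that is not part of the original thread and is not Check Point code. The sample dump is constructed, and the `<...>` entry layout, the function names and the three address lists are assumptions; only 172.16.10.249 comes from the output quoted in the thread.

```python
import ipaddress
import re

# Constructed sample, not real gateway output. Assumption: the raw table dump
# prints each entry as <hex words; hex words>, 8 hex digits per field.
SAMPLE_TABLE = """\
localhost:
-------- orig_route_params --------
<c6336407; ac100af9>
<cb007109; ac100af9>
<c0000263; ac100af9>
"""

ENTRY = re.compile(r"<([^<>]*)>")
WORD = re.compile(r"\b[0-9a-fA-F]{8}\b")


def hex_to_ip(word):
    """Decode an 8-hex-digit table field as an IPv4 address (network byte order)."""
    return ipaddress.IPv4Address(int(word, 16))


def candidate_addresses(table_text):
    """Return the distinct addresses found inside <...> entries, in first-seen order.

    The field layout of this table is not documented in the thread, so every
    8-digit word is treated as a candidate; non-address fields decode to noise.
    """
    seen = []
    for entry in ENTRY.findall(table_text):
        for word in WORD.findall(entry):
            ip = hex_to_ip(word)
            if ip not in seen:
                seen.append(ip)
    return seen


def triage(table_text, local_ips, known_peers, accel_ips):
    """Label each candidate: local, known_peer, accel_conn, or unexplained."""
    sources = [("local", local_ips), ("known_peer", known_peers), ("accel_conn", accel_ips)]
    result = {}
    for ip in candidate_addresses(table_text):
        labels = [name for name, ips in sources if str(ip) in ips]
        result[str(ip)] = labels[0] if labels else "unexplained"
    return result


if __name__ == "__main__":
    report = triage(SAMPLE_TABLE, {"172.16.10.249"}, {"198.51.100.7"}, {"203.0.113.9"})
    for ip, label in report.items():
        print(f"{ip:15}  {label}")
```

Addresses that come back as "unexplained" are the ones worth checking against VPN debug output or raising in a TAC case.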
the_rock
Legend

That's actually a good point. I saw the same in my lab and Azure lab as well, but could not see any logs for it either.

@imamuzic What's the link to Tim's post about it?

Andy

0 Kudos
imamuzic
Participant

0 Kudos
the_rock
Legend

Got it, thanks!

0 Kudos
PhoneBoy
Admin

Might be worth a TAC case to investigate this more closely.
https://help.checkpoint.com 

0 Kudos
the_rock
Legend

Sorry mate, totally forgot to test this today. Let me set up a bogus VPN community and run the command again and I will update shortly.

Apologies again.

Update... ran the command after creating a test VPN community and it showed the IPs there. I will run it again in the morning.

Andy

0 Kudos
the_rock
Legend

This SK may also be helpful.

Andy

https://support.checkpoint.com/results/sk/sk116453

0 Kudos