
Site-To-Site VPN with Multiple Subnets

Question asked by Luca Fabbri on Jan 5, 2018
Latest reply on Jan 9, 2018 by Dameon Welch Abernathy

Hello to all.

This is my first post here. I hope you can help me point the investigation in the right direction.

SCENARIO

Main Site - Check Point R77.30

Subnets

  1. 172.16.0.0/16
  2. 172.29.0.0/20
  3. 172.29.16.0/20
  4. 172.29.32.0/22
  5. 192.168.11.0/24
  6. 192.168.18.0/24
  7. ...etc...

Remote Site A - Cisco Meraki MX65. Subnet: 192.168.80.0/24

Remote Site B - 3rd Party Device Router/Firewall. Subnet: 192.168.85.0/24

OBJECTIVES

The objective is to have two site-to-site VPNs:

  1. Main Site <=> Remote Site A; the first 4 subnets of the main site should be enabled/allowed for VPN traffic
  2. Main Site <=> Remote Site B; the first 5 subnets of the main site should be enabled/allowed for VPN traffic

CONFIGURATION

Main Site side

I created a group in Check Point including the first 5 subnets. This group was specified as the VPN Domain (Encryption Domain).

I created a policy rule allowing traffic from the first 4 subnets to the Remote Site A subnet and vice versa.

I created a policy rule allowing traffic from the first 5 subnets to the Remote Site B subnet and vice versa.

Remote Site A

I specified the first 4 as remote subnets.

Remote Site B

I specified the first 5 as remote subnets.

PROBLEM

The VPN tunnels come up; however, I can reach Remote Sites A and B (and vice versa) from the 1st subnet only (172.16.0.0/16).

Can you help me with the investigation?

Thank you,

Luca
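As an added example (not part of the original post, and not Check Point's or Meraki's own tooling), the Python script below models the configuration described in the question and audits it the way a defender would before opening a tunnel debug: it checks that every "remote subnet" entry configured on a peer has an exact counterpart in the main site's VPN domain, lists VPN-domain entries the peer does not know about, flags rule-base subnets that sit outside the VPN domain (traffic matching those rules would not be encrypted), and shows what the traffic selectors would look like if adjacent domain subnets were aggregated into larger supernets. The subnet lists are taken from the question; the assumption that a Phase 2 SA is only established when both sides agree on the selector pair, and the aggregation what-if, are the example's own and are labelled in the code.

```python
import ipaddress

# Constructed from the question: the five subnets in the Check Point VPN domain group.
MAIN_SITE_VPN_DOMAIN = [
    "172.16.0.0/16", "172.29.0.0/20", "172.29.16.0/20",
    "172.29.32.0/22", "192.168.11.0/24",
]

# Constructed from the question: what each remote peer was given as "remote subnets".
REMOTE_SITE_A = {"local": "192.168.80.0/24", "remote": MAIN_SITE_VPN_DOMAIN[:4]}
REMOTE_SITE_B = {"local": "192.168.85.0/24", "remote": MAIN_SITE_VPN_DOMAIN[:5]}


def to_nets(cidrs):
    """Parse CIDR strings strictly so a mistyped host address is caught early."""
    return [ipaddress.ip_network(c, strict=True) for c in cidrs]


def collapse(cidrs):
    """What-if: aggregate adjacent/contained subnets into the largest possible supernets.
    Assumption: this mirrors a gateway that combines its domain before proposing selectors."""
    merged = ipaddress.collapse_addresses(to_nets(cidrs))
    return [str(n) for n in sorted(merged, key=lambda n: (int(n.network_address), n.prefixlen))]


def compare_selectors(local_domain, peer_remote_subnets):
    """Compare the peer's 'remote subnet' list against the local VPN domain.

    Assumption: a Phase 2 SA is negotiated only when both sides agree on the
    selector pair, so anything that is not 'exact' is a candidate cause for
    partial reachability.
      exact      - identical entry on both sides
      covered    - peer entry lies inside a larger local entry (size mismatch)
      missing    - peer entry not present in the local domain at all
      local_only - local domain entry the peer was never told about
    """
    local = to_nets(local_domain)
    peer = to_nets(peer_remote_subnets)
    report = {"exact": [], "covered": [], "missing": [], "local_only": []}
    for net in peer:
        if net in local:
            report["exact"].append(str(net))
        elif any(net.subnet_of(l) for l in local):
            report["covered"].append(str(net))
        else:
            report["missing"].append(str(net))
    report["local_only"] = [str(l) for l in local if l not in peer]
    return report


def rule_subnets_outside_domain(rule_subnets, local_domain):
    """Subnets referenced by a VPN rule that are not covered by the VPN domain.
    Traffic from such subnets matches the rule but is never sent into the tunnel."""
    local = to_nets(local_domain)
    return [str(r) for r in to_nets(rule_subnets)
            if not any(r.subnet_of(l) for l in local)]


def audit(local_domain, peer, rule_subnets):
    """Full report for one peer: as-configured and with aggregated local selectors."""
    return {
        "as_configured": compare_selectors(local_domain, peer["remote"]),
        "if_aggregated": compare_selectors(collapse(local_domain), peer["remote"]),
        "rules_outside_domain": rule_subnets_outside_domain(rule_subnets, local_domain),
    }


if __name__ == "__main__":
    for name, peer, rules in (("Site A", REMOTE_SITE_A, MAIN_SITE_VPN_DOMAIN[:4]),
                              ("Site B", REMOTE_SITE_B, MAIN_SITE_VPN_DOMAIN[:5])):
        print(name)
        for section, value in audit(MAIN_SITE_VPN_DOMAIN, peer, rules).items():
            print(f"  {section}: {value}")
```

Run with no arguments to print the per-peer report. The `if_aggregated` section is the one to read when a peer shows the same subnets as the main site yet only some of them pass traffic: if the two /20s collapse into a /19 that the peer does not have, the peer-side entries show up as `covered` rather than `exact`, which is exactly the kind of selector disagreement to look for in the IKE Phase 2 negotiation on both devices.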
