Site-To-Site VPN with Multiple Subnets

Question asked by Luca Fabbri on Jan 5, 2018
Latest reply on Jan 9, 2018 by Dameon Welch-Abernathy

Hello to all.

This is my first post here. I hope you can help me to address the investigation rightly.

SCENARIO

Main Site - Check Point R77.30

Subnets

  1. 172.16.0.0/16
  2. 172.29.0.0/20
  3. 172.29.16.0/20
  4. 172.29.32.0/22
  5. 192.168.11.0/24
  6. 192.168.18.0/24
  7. ...etc...

Remote Site A - Cisco Meraki MX65. Subnet: 192.168.80.0/24

Remote Site B - 3rd Party Device Router/Firewall. Subnet: 192.168.85.0/24

OBJECTIVES

The objective is to have two site-to-site VPNs:

  1. Main Site <=> Remote Site A; the first 4 subnets of the main site should be enabled/allowed for VPN traffic
  2. Main Site <=> Remote Site B; the first 5 subnets of the main site should be enabled/allowed for VPN traffic

CONFIGURATION

Main Site Side

I created a group in Check Point including the first 5 subnets. This group was specified as the VPN Domain (Encryption Domain).

I created a policy rule allowing traffic from the first 4 subnets to the Remote Site A subnet and vice versa.

I created a policy rule allowing traffic from the first 5 subnets to the Remote Site B subnet and vice versa.

Remote Site A

I specified the first 4 as remote subnets.

Remote Site B

I specified the first 5 as remote subnets.

PROBLEM

The VPN tunnels go up; however, I can reach Remote Sites A and B (and vice versa) from the 1st subnet only (172.16.0.0/16).

Can you help me to address the investigation?

Thank you,

Luca
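The post describes three pieces of configuration that all have to agree before one main-site subnet can exchange traffic with a remote site: the subnet must sit inside the Check Point VPN domain, the remote peer must list it among its remote subnets, and a rule must permit the pair. The script below is an added example (not code from the original post, nor from Check Point or Meraki) that models exactly the setup Luca describes and reports, per remote site and per subnet, which of those three conditions fail. The subnet and LAN addresses are the ones given in the post; the data structures, function names and the rule-matching logic are assumptions made for this example.

```python
"""Consistency check of the site-to-site VPN setup described in the post.

Added example, not from the original post or from Check Point/Meraki.
For each main-site subnet and each remote site it checks three things:
  1. the subnet is inside the Check Point VPN domain (encryption domain),
  2. the remote peer lists the subnet as a remote subnet,
  3. a rule permits the subnet <-> remote LAN pair (either direction).
Addresses are copied from the post; the data structures are assumptions.
"""
from ipaddress import ip_network, IPv4Network

# Main-site subnets as numbered in the post (1..6; "...etc..." is omitted).
MAIN_SITE_SUBNETS = [
    ip_network("172.16.0.0/16"),
    ip_network("172.29.0.0/20"),
    ip_network("172.29.16.0/20"),
    ip_network("172.29.32.0/22"),
    ip_network("192.168.11.0/24"),
    ip_network("192.168.18.0/24"),
]

# Group object used as the Check Point VPN domain: the first 5 subnets.
VPN_DOMAIN = MAIN_SITE_SUBNETS[:5]

# Remote sites: their own LAN and the "remote subnets" configured on them
# (first 4 for Site A, first 5 for Site B), as stated in the post.
REMOTE_SITES = {
    "A": {"lan": ip_network("192.168.80.0/24"), "remote_subnets": MAIN_SITE_SUBNETS[:4]},
    "B": {"lan": ip_network("192.168.85.0/24"), "remote_subnets": MAIN_SITE_SUBNETS[:5]},
}

# Rule base as described: (sources, destinations); each rule also exists
# in the reverse direction ("vice versa").
RULES = [
    (MAIN_SITE_SUBNETS[:4], [REMOTE_SITES["A"]["lan"]]),
    (MAIN_SITE_SUBNETS[:5], [REMOTE_SITES["B"]["lan"]]),
]


def covered(net: IPv4Network, nets) -> bool:
    """True if `net` lies entirely inside some network in `nets`."""
    return any(net.subnet_of(n) for n in nets)


def rule_permits(src: IPv4Network, dst: IPv4Network) -> bool:
    """A rule matches if src/dst are covered by its columns in either direction."""
    for sources, dests in RULES:
        if covered(src, sources) and covered(dst, dests):
            return True
        if covered(dst, sources) and covered(src, dests):  # the "vice versa" rule
            return True
    return False


def check_site(site: str) -> dict:
    """Return {local_subnet: [failed checks]} for traffic between the main site and `site`."""
    lan = REMOTE_SITES[site]["lan"]
    remote_list = REMOTE_SITES[site]["remote_subnets"]
    report = {}
    for net in MAIN_SITE_SUBNETS:
        problems = []
        if not covered(net, VPN_DOMAIN):
            problems.append("not in Check Point VPN domain")
        if not covered(net, remote_list):
            problems.append(f"not listed as remote subnet on site {site}")
        if not rule_permits(net, lan):
            problems.append("no rule permits the pair")
        report[str(net)] = problems
    return report


if __name__ == "__main__":
    for site in REMOTE_SITES:
        print(f"Remote site {site}:")
        for net, problems in check_site(site).items():
            print(f"  {net:18} {'OK' if not problems else '; '.join(problems)}")
```

Run as written, the check reports subnets 1 to 4 as consistent for Site A and 1 to 5 for Site B, with only the subnets deliberately left out (subnet 5 for Site A, subnet 6 for both) flagged. In other words, the configuration intent described in the post is internally consistent for the subnets that do not work, so the next thing to compare is what was actually negotiated for the tunnel (the traffic selectors each side proposes and accepts), not the objects and rules themselves.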
