I facing issue while understanding route based vpn with cisco device. I tried to lab the scenario but its not working. the topology is as follows.
R1--> Checkpoint firewall --> R2
R1 loopback - 188.8.131.52/32
R2 loopback - 184.108.40.206/32
the objective is to ping 220.127.116.11 to 18.104.22.168 and traffic should go through tunnel.
So i am creating route based vpn between checkpoint and r2. The steps that i performed on checkpoint firewall:
1. created a tunnel interface
remote peer: 192.168.229.10
local address 22.214.171.124
remote address 126.96.36.199
2. add route for 188.8.131.52
184.108.40.206 ----> vpn tunnel int (next HOP)
3. on checkpoint gateway in VPN domain call 220.127.116.11. is it necessary to mention VPN domain in route based VPN or we can select or subnets behind gateway option.
4. add inter-operable device - R2.
5. in VPN community used mesh --> added gateway and router, configured phase 1 and phase 2 parameters and added shared secret key.
now on Cisco router i configured following.
R1(config)#crypto isakmp policy 1
R1(config-isakmp)#crypto isakmp key admin@123 address 192.168.229.11
R1(config)#crypto ipsec transform-set MY_TRANSFORM_SET esp-3des esp-sha256-hmac
R1(config)#crypto ipsec profile IPSEC_PROFILE
R1(ipsec-profile)#set transform-set MY_TRANSFORM_SET
R1(config)#interface Tunnel 0
R1(config-if)#ip address 18.104.22.168 255.255.255.0
R1(config-if)#tunnel source 192.168.229.10
R1(config-if)#tunnel destination 192.168.229.11
R1(config-if)#tunnel protection ipsec profile IPSEC_PROFILE
R1(config)#ip route 22.214.171.124 255.255.255.255 Tunnel0
do we need to mention proxy-acl on cisco router as well.
As i understand it is not necessary and routing decision will be taken in account instead of policy.
Correct me if i am wrong somewhere. I am still a learner.