I facing issue while understanding route based vpn with cisco device. I tried to lab the scenario but its not working. the topology is as follows.
R1--> Checkpoint firewall --> R2
R1 loopback - 220.127.116.11/32
R2 loopback - 18.104.22.168/32
the objective is to ping 22.214.171.124 to 126.96.36.199 and traffic should go through tunnel.
So i am creating route based vpn between checkpoint and r2. The steps that i performed on checkpoint firewall:
1. created a tunnel interface
remote peer: 192.168.229.10
local address 188.8.131.52
remote address 184.108.40.206
2. add route for 220.127.116.11
18.104.22.168 ----> vpn tunnel int (next HOP)
3. on checkpoint gateway in VPN domain call 22.214.171.124. is it necessary to mention VPN domain in route based VPN or we can select or subnets behind gateway option.
4. add inter-operable device - R2.
5. in VPN community used mesh --> added gateway and router, configured phase 1 and phase 2 parameters and added shared secret key.
now on Cisco router i configured following.
R1(config)#crypto isakmp policy 1
R1(config-isakmp)#crypto isakmp key admin@123 address 192.168.229.11
R1(config)#crypto ipsec transform-set MY_TRANSFORM_SET esp-3des esp-sha256-hmac
R1(config)#crypto ipsec profile IPSEC_PROFILE
R1(ipsec-profile)#set transform-set MY_TRANSFORM_SET
R1(config)#interface Tunnel 0
R1(config-if)#ip address 126.96.36.199 255.255.255.0
R1(config-if)#tunnel source 192.168.229.10
R1(config-if)#tunnel destination 192.168.229.11
R1(config-if)#tunnel protection ipsec profile IPSEC_PROFILE
R1(config)#ip route 188.8.131.52 255.255.255.255 Tunnel0
do we need to mention proxy-acl on cisco router as well.
As i understand it is not necessary and routing decision will be taken in account instead of policy.
Correct me if i am wrong somewhere. I am still a learner.