
VPN routing

Question asked by Sandra Suarez on Aug 2, 2018
Latest reply on Aug 3, 2018 by Heiko Ankenbrand

Hi,

***********************
ENVIRONMENT

VPN COMMUNITY TYPE: Star
CENTER GW: CheckPoint R80.10 (appliances 5900) (manage our customer)
SATELLITE GW: Cisco (manage external 1)
SATELLITE GW: Fortinet (manage external 2)
SATELLITE GW: Cisco ASA (manage external 3)
SATELLITE GW: Checkpoint (manage external 4)

**************************
TRAFFIC FLOW

The SATELLITE GWs from external 2, 3 and 4 need to contact the SATELLITE GW external 1; the traffic must always pass through the CENTER GW.

*************************
CONFIGURATION

Each SATELLITE (2, 3, 4) arrives at the CENTER GW with the following IP address:
customer 2 --> 10.10.10.10
customer 3 --> 10.10.10.15
customer 4 --> 10.10.10.20
They try to connect to 172.25.107.193 (host behind SATELLITE GW: Cisco (manage external 1))

When
Host 10.10.10.10-SATELLITE GW: Fortinet (manage external 2) AND host 10.10.10.20-SATELLITE GW: Checkpoint (manage external 4) made the telnet connection to 172.25.107.193-SATELLITE GW: Cisco (manage external 1), EVERYTHING WORKS FINE

When
Host 10.10.10.15-SATELLITE GW: Cisco (manage external 3) made the telnet connection to 172.25.107.193-SATELLITE GW: Cisco (manage external 1), it DOES NOT OPEN

******************************
LOGS
1. When the traffic works fine between satellites, the traffic log shows action VPN Routing
2. When the traffic does not work, the traffic log shows action DECRYPT (it never shows VPN Routing)

*******************
QUESTION

1. How can we check by CLI the routes created by VPN Routing from the Star Community?
2. Could you explain to us what the order is in VPN routing?
First decrypt
Second NAT
Third encrypt
3. Do you know what other troubleshooting we could run?
