Hi all,
Very small setup:
S2S VPN, domain based; my enc domain has only 10.10.0.0/16.
Anyway, what I found with vpn tu is that my IKE ID is 10.10.0.0/17.
Trying to connect to a host inside 10.10.128.0/17, I get a new IKE ID with a /32 on my side; this is related to the host IP, of course.
I checked all my communities, but it seems that this behavior is not linked to sk170857.
So, why does this happen?
Maybe some NAT rule inside 10.10.128.0/17 is breaking the subnet because of the NATted IP, which is not in the peer's enc domain?
Thanks a lot
Go to GuiDBedit and search for supernet, ike_use... can't remember exact values now, but it may have to do with those.
Do you mean ike_use_largest_possible_subnets?
It seems that I'm facing the opposite problem...
Yes, that, but also any supernet setting, turn it to false.
Check the VPN community settings to see if it is configured "per pair of hosts".
Hello Vladimir,
Thank you for your feedback.
Of course it is configured "per subnet pair", domain based setup.
In the next hours I will check the previously mentioned GuiDBedit value.