BrianD
Participant

Site-to-Site with peer gateway having multiple local LANs

One of our clients has two local area networks that need to be able to communicate to their assets in our cloud. We can get the site-to-site tunnel up and running with one P2 (domain) or peer local network. However, when we try to add a second peer domain, local network, it won't connect.
We've looked throughout the forums and documentation and nothing explains the steps we need to take and the right configuration to allow for multiple local subnets on the peer gateway.
Our R81 checkpoint has one local network (their VLAN and subnet) that the customer's gateway needs to be able to communicate to.
The customer's gateway has two subnets that need to be able to communicate to their assets in the VLAN within our Checkpoint.

192.168.0.0/24 and 172.16.0.0/24. They have a PFSENSE so on their side, we create two P2 proposals (one for each subnet).
0 Kudos
3 Replies
PhoneBoy
Admin

You create a group object with the two subnets in it, use that as the remote encryption domain for the peer gateway.

0 Kudos
BrianD
Participant

Hi, PhoneBoy. Thank you for the quick response and help. I've triple-checked my P1 and P2 encryption and timing settings. The shared secret matches and I can connect other VPN site-to-sites without issue. However, with this PFSENSE and them having two local LANs, I'm at a loss.

I added both their subnets into a network group and used that in the peer domain but that didn't help. Is the Tunnel Management options possibly where I'm going wrong?

0 Kudos
PhoneBoy
Admin

Guessing you want One VPN tunnel per subnet pair configured.

0 Kudos
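As an added example (not code from the thread or from either vendor), the script below models why the Tunnel Management setting matters for this setup: it computes the Phase 2 traffic selectors each side would propose and reports the pairs the other side has no matching entry for. It assumes that Check Point's "one tunnel per gateway pair" proposes a single universal 0.0.0.0/0 selector while "one tunnel per subnet pair" proposes one SA per (local, remote) subnet pair, and uses a placeholder 10.10.10.0/24 for the cloud VLAN, which the thread does not name.

```python
"""Constructed model of IPsec Phase 2 selector matching between a Check Point
gateway and a pfSense peer with two local LANs.  Not vendor code."""
from ipaddress import ip_network
from itertools import product

ANY = ip_network("0.0.0.0/0")


def checkpoint_selectors(local_domain, remote_domain, tunnel_management):
    """Selectors the Check Point side proposes for its encryption domains.

    Assumed model: 'gateway' = one universal tunnel 0.0.0.0/0 <-> 0.0.0.0/0,
    'subnet' = one SA for every (local subnet, remote subnet) pair.
    """
    local = [ip_network(n) for n in local_domain]
    remote = [ip_network(n) for n in remote_domain]   # e.g. a group object
    if tunnel_management == "gateway":
        return {(ANY, ANY)}
    if tunnel_management == "subnet":
        return set(product(local, remote))
    raise ValueError(f"unsupported tunnel management mode: {tunnel_management}")


def pfsense_selectors(phase2_entries):
    """pfSense negotiates one SA per Phase 2 entry: (local subnet, remote subnet)."""
    return {(ip_network(local), ip_network(remote)) for local, remote in phase2_entries}


def mismatch(checkpoint_side, pfsense_side):
    """Selector pairs one side proposes that the other side will not accept.
    pfSense's (local, remote) is mirrored so both sets describe the SA
    from the Check Point's point of view."""
    mirrored = {(remote, local) for local, remote in pfsense_side}
    return {"only_checkpoint": checkpoint_side - mirrored,
            "only_pfsense": mirrored - checkpoint_side}


# Constructed values: the customer LANs are from the thread, the cloud VLAN is a placeholder.
CLOUD_VLAN = ["10.10.10.0/24"]
CUSTOMER_LANS = ["192.168.0.0/24", "172.16.0.0/24"]
PFSENSE_P2 = [(lan, CLOUD_VLAN[0]) for lan in CUSTOMER_LANS]   # two P2 entries, one per LAN


def report(tunnel_management):
    """Return the mismatch for a given Check Point Tunnel Management mode."""
    cp = checkpoint_selectors(CLOUD_VLAN, CUSTOMER_LANS, tunnel_management)
    return mismatch(cp, pfsense_selectors(PFSENSE_P2))


if __name__ == "__main__":
    for mode in ("gateway", "subnet"):
        print(mode, report(mode))
```

With "subnet" both mismatch sets are empty; with "gateway" the universal selector has no counterpart in the two pfSense Phase 2 entries, which is the symptom the thread describes.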