
Update to R80.40 and have the possibility within GUI to specify the subnets directly on the community. What error messages are you receiving on your VPN logs for "Key Install"? Also, when you execute "vpn tu", how many associations for IKE and IPsec do you see? Due to the lack of logs without ike view. The supernetting depends on the local configuration for some parameters on Check Point side, because of this the gateway chooses (or not) to adjoin the subnets to a bigger one. In addition, in the current behavior with externally managed Check Point devices with "supernetting" disabled, IPsec SA is created per host, but not per sub-net.

This feature has a problem of connectivity with third party devices. This feature makes it possible to decrease the number of IPsec SAs that are created per sub-net. The "supernetting" feature makes it possible to adjoin smaller sub-nets to a bigger one ("supernets"). VPN tunnels go up, however I can reach Remote Sites A and B (and vice versa) from 1st subnet only (172.16.0.0/16). Can you help me to address the investigation? I created a policy rule allowing traffic from first 5 subnets to Remote Site B subnet and vice versa. I created a policy rule allowing traffic from first 4 subnets to Remote Site A subnet and vice versa. This group was specified as VPN Domain (Encryption Domain). I created a group in Check Point including first 5 subnets. Main Site Remote Site B first 5 subnets of main site should be enabled/allowed to VPN traffic.


The objective is to have two site-to-site:

Remote Site B - 3rd Party Device Router/Firewall. I hope you can help me to address the investigation rightly.
