Search This Blog

Wednesday, August 19, 2015

Check Point site-to-site VPN with full route



This post will demonstrate, step by step, how to configure a site-to-site VPN between 2 Check Point security gateways, were all traffic from site B is routed through site A, and will use site A public IP for internet access – hence full tunnel from site B to site A.

Each site is managed by its own, so I have two security management servers.

This is the network topology diagram:

First step we will create network objects:

Right click on Networks -> Network and add the remote site network




Now create a simple group which will gather all remote site networks, in case we have more than one, right click on Groups -> Groups -> Simple group



In the following group we will add all the remote networks.

Repeat these steps for local networks and group:



Now let’s create the remote peer object, right click on Check Point -> Check Point -> More -> Externally Managed VPN Gateway



Type in the machine name, IP address and check Firewall and IPSec VPN checkboxes:


Next choose Topology, in the right pane, and under VPN Domain choose Manually defined and select the remote peer group we made earlier:


Do the same step for our locally security gateway, and make sure that the local VPN group is set:


This group represent the local networks which are behind our security gateway.

Next let’s create the VPN community, select IPSec VPN in the products pane, click on New and choose Star Community:



Type a name for the community and check Accept all encrypted traffic check box:

Select Center Gateways in the right pane, click Add and choose the gateway that will be the center, in our case CP-CLUSTER, which is the security gateway of site A:


Then select Satellite Gateways, click Add and choose site B gateway, in our case CP-SG3:


Leave encryption with his default settings:


Select Tunnel Management, check Set Permanent Tunnels check box:


Select Advanced Settings -> VPN Routing and click on To Center, or through the center to other satellites, to internet and other VPN targets:


This setting will force the satellites to route all traffic through the center gateway.

Select Excluded Services, click Add and choose IKE:


Select Shared Secret, check Use Only Shared Secret for all External members, then click on the peer name, click edit and type in the shared secret (Check Point recommend to use a shared secret with no less the 20 characters):


Select Advanced VPN Properties, and under NAT check Disable NAT inside the VPN community:


Click OK and close the Star Community.

Last step we need to create Firewall policy to allow traffic between the two sites, select Firewall in the products pane and choose Policy. Add new rule between the two groups (local and remote VPN groups) in both directions:




To finish click on Install Policy.

Please note that those steps should be configured on both sides each with his corresponding objects and settings.

Also the following steps should be configured only on the center gateway -
Add Firewall policy rule to allow site B networks to access the internet:


And add NAT rule for remote site network:



Now when client in network 192.168.20.0/24 will access the internet, he will pass-through CP-CLUSTER and will use his external IP.

Products List:
CP-CLUSTER – Check Point R77.20
CP-SG3 – Check Point R77.30

Posted by at
Labels: ,

45 comments:

  1. UnknownJuly 14, 2017 at 2:43 PM

    The remote connections on the internet are possible only with the VPN technology and with the use of the VPN any information can be privately sent to its employees in different locations. free vpn sites

    ReplyDelete
  2. Mueeid KhanSeptember 3, 2017 at 1:40 PM

    Maintaining a stable connection is also very important in determination of how fast a VPN can go. It is always advisable to choose a VPN server with the least amount of data packet loss and if possible 0 %.Vpn for netflix

    ReplyDelete
  3. James harperOctober 27, 2018 at 12:11 AM

    A lot of people having an incorrect image about the cash advance loans or sometimes refer it as bad credit payday loans. allertaprivacy

    ReplyDelete
  4. Jims lindaOctober 31, 2018 at 10:34 PM

    Such a strikingly basic article.I basically wish to offer a creature proceed for the standard data you have perfect here on this post. privacidadenlared

    ReplyDelete
  5. MatiasNovember 1, 2018 at 1:01 AM

    Man's lives, such as uncontrolled huge amounts, definitely not while countries furthermore reefs, challenging to seismic disturbance upward perfect apply. https://privatnostonline.com

    ReplyDelete
  6. Mona martinNovember 2, 2018 at 10:42 PM

    Very cozy looking rooms. Let me know if your going to Mexico. Oh and btw. you should read our Tipping in Mexico guide if you do. It will save you a lot of awkward moments. internetprivatsphare.ch

    ReplyDelete
  7. Ethan RyanNovember 4, 2018 at 12:42 AM

    This is exactly what I was looking for. Thanks for sharing this great article! That is very interesting Smile I love reading and I am always searching for informative information like this! visit website

    ReplyDelete
  8. DavidNovember 5, 2018 at 2:03 AM

    You have done a great job. I will definitely dig it and personally recommend to my friends. I am confident they will be benefited from this site. beste vpn

    ReplyDelete
  9. victoria seoJanuary 1, 2019 at 11:39 AM

    The blog is so charming. You can't avoid it.
    www.theloanrepublic.com

    ReplyDelete
  10. DavidFebruary 24, 2019 at 1:27 AM

    You make so many great points here that I read your article a couple of times. Your views are in accordance with my own for the most part. This is great content for your readers. Klik hier

    ReplyDelete
  11. BodyBuilding SupplementsApril 22, 2019 at 2:41 PM

    Virtual Private Networks can be convoluted while considering the innovation included. On the off chance that you have any inquiries in regards to the framework's security, execution, or speed, ask the supplier's delegates. https://vpn.surf/blog/buy-vpn-with-dash-coin/

    ReplyDelete
  12. emmalin2April 23, 2019 at 10:25 PM

    Thanks a lot for one’s intriguing write-up. It’s actually exceptional. Searching ahead for this sort of revisions.
    short term loans no credit check who

    ReplyDelete
  13. AkseosolutionsJune 11, 2019 at 12:00 PM

    Thank you for helping people get the information they need. Great stuff as usual. Keep up the great work!!! expressvpn free trial

    ReplyDelete
  14. UnknownJuly 6, 2019 at 9:30 PM

    I’ve been surfing online more than three hours today, yet I never found any interesting article like yours. It’s pretty worth enough for me. In my opinion, if all webmasters and bloggers made good content as you did, the web will be a lot more useful than ever before. top android vpn

    ReplyDelete
  15. AnonymousOctober 24, 2019 at 6:26 AM

    Pls correct the drawing : both sites have same IP address subnet 192.168.10.0/24

    ReplyDelete
  16. Karina.SMarch 25, 2020 at 12:12 PM

    For VPNs that are ready to go once installed, and are also compatible with other VPNs that need set up, you may refer to this VPN ranking website that lists the top free and paid VPNs, complete with features and reviews.

    ReplyDelete
  17. michaelOctober 15, 2020 at 4:14 PM

    Pretty good post. I just stumbled upon your blog and wanted to say that I have really enjoyed reading your blog posts. Any way I'll be subscribing to your feed and I hope you post again soon. Big thanks for the useful info. Backlink

    ReplyDelete
  18. king levisterNovember 27, 2020 at 6:24 PM

    This is my first time i visit here. I found so many interesting stuff in your blog especially its discussion. From the tons of comments on your articles, I guess I am not the only one having all the enjoyment here keep up the good work photographe publicitaire

    ReplyDelete
  19. LewisMarch 31, 2021 at 10:05 PM

    VPN that does not cost you anything up front. Most free VPN services offer only PPTP which is considered obsolete. Also, because it is free, there will be thousands of users logging in resulting in lack of bandwidth for all. How to choose right VPN?

    ReplyDelete
  20. UNKNOWNMay 25, 2021 at 6:17 PM

    I was reading some of your content on this website and I conceive this internet site is really informative ! Keep on putting up. 科学上网

    ReplyDelete
  21. UNKNOWNMay 25, 2021 at 6:18 PM

    I was reading some of your content on this website and I conceive this internet site is really informative ! Keep on putting up. 科学上网

    ReplyDelete
  22. CuzToxJune 26, 2021 at 1:32 PM

    In the event that that doesn't work, ping the loopback address 127.0.0.1. In the event that that fizzles, your connector may not be working or it's anything but appropriately arranged. steam in home streaming vpn

    ReplyDelete
  23. HendryJuly 27, 2021 at 2:01 PM

    Do you have an IP address? Attempt ipconfig/all. On the off chance that you don't have an IP address reboot your PC. https://onohosting.com/

    ReplyDelete
  24. DavidOctober 2, 2021 at 1:57 PM

    While choosing the right intermediary supplier you should look whether what is the complete pivot season of these intermediaries and after how much span their intermediaries are turned. helpful resources

    ReplyDelete
  25. Elon MuskOctober 3, 2021 at 3:52 PM

    I have been impressed after read this because of some quality work and informative thoughts. I just want to say thanks for the writer and wish you all the best for coming! Your exuberance is refreshing. diebestenvpn

    ReplyDelete
  26. haaliNovember 20, 2021 at 3:35 PM

    I invite you to the page where you can design with overpowering information on as shown by a general point of view clashing district interests. read more

    ReplyDelete
  27. andy designJanuary 6, 2022 at 6:08 PM

    The reality about SEO services is that it is routinely not hard work, but that doesn't mean its unproblematic.It still takes time, dedication, effort, strategy, technique, method, skill, and experience to execute eminence SEO services. As we can see, these SEO experts want nothing but to deliver their services through a complete utilization of SEO tools to produce outstanding results. web hosting services

    ReplyDelete
  28. jazbaJanuary 7, 2022 at 12:35 PM

    Blog commenting is a great way to expand a websites influence throughout the web, however if done incorrectly you can alienate readers and other web masters. This brief guide goes over the basics of blog commenting, including footprints and increasing the stickiness of blog comments. https://hostinglelo.in/

    ReplyDelete
  29. mobiFebruary 20, 2022 at 12:46 PM

    I just found this blog and have high hopes for it to continue. Keep up the great work, its hard to find good ones. I have added to my favorites. Thank You. ExpressVPN Deal

    ReplyDelete
  30. AlayaSEOMarch 16, 2022 at 7:43 AM

    A virtual private network or VPN service is the tool that is commonly used these days to protect the privacy of users when surfing the web. They can do this by creating a sort of encrypted tunnel where all the data that you submit on the web can pass through. Because it's encrypted, it will be impossible for people who intercept the data to read and understand it. deep web

    ReplyDelete
  31. AlayaSEOMarch 16, 2022 at 8:41 AM

    Reports of hacking, cyber attacks, and divulging of personal information have accelerated over the past decade, causing a corresponding increase in the need for security and protection. While businesses tend to be the major target for cyber attacks, the use of VPNs among individuals is also on the rise. dark web

    ReplyDelete
  32. emeryville tree serviceAugust 17, 2022 at 9:38 PM

    Thanks For sharing!

    ReplyDelete
  33. AnonymousAugust 19, 2022 at 8:03 PM

    thank you for Article, Amazing. goleta tree service

    ReplyDelete
  34. AnonymousAugust 24, 2022 at 3:34 PM

    Thanks so much for this.
    tree pruning company

    ReplyDelete
  35. AnonymousAugust 25, 2022 at 9:18 PM

    Thanks so much for this.
    Our site

    ReplyDelete
  36. AnonymousSeptember 10, 2022 at 1:41 PM

    This is awesome!! www.treecarebrentwood.com

    ReplyDelete
  37. AnonymousSeptember 12, 2022 at 10:30 AM

    Nice blog!! www.treeserviceoakley.com

    ReplyDelete
  38. AnonymousNovember 5, 2022 at 7:55 PM

    This is a decent and educational blog https://lososostree.com

    ReplyDelete
  39. AnonymousNovember 14, 2022 at 5:02 PM

    Great share menlo park tree care

    ReplyDelete
  40. AnonymousNovember 16, 2022 at 11:46 PM

    really great https://taipeimedia.com/

    ReplyDelete
  41. AnonymousNovember 19, 2022 at 6:18 PM

    Really nice and interesting post www.treeservicesedona.com

    ReplyDelete
  42. AnonymousNovember 21, 2022 at 9:58 PM

    Really nice and interesting post info

    ReplyDelete
  43. AnonymousNovember 24, 2022 at 11:20 PM

    Great info. concrete driveway company

    ReplyDelete
  44. AnonymousNovember 26, 2022 at 4:02 PM

    That is very helpful tree removal

    ReplyDelete
  45. AnonymousNovember 29, 2022 at 11:58 AM

    It looks great! tree trimming company

    ReplyDelete

Subscribe to: Post Comments (Atom)