CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.



Thread: VPN - Encryption Domain

  1. #1
    Join Date
    2017-04-21
    Posts
    30
    Rep Power
    0

    Default VPN - Encryption Domain

    Hi,

    Say I have an Encryption domain that contains a supernet 10.50.0.0/16. I have this in the domain to allow VPN users to connect to any host in that subnet. Now I need to create a policy based IPSEC tunnel. I want to only put encryption domain 10.50.6.0/24. How can I achieve this?

    Thanks

  2. #2
    Join Date
    2006-09-26
    Posts
    3,162
    Rep Power
    16

    Default Re: VPN - Encryption Domain

    Quote: Originally posted by juniorra22
    Hi,

    Say I have an Encryption domain that contains a supernet 10.50.0.0/16. I have this in the domain to allow VPN users to connect to any host in that subnet. Now I need to create a policy based IPSEC tunnel. I want to only put encryption domain 10.50.6.0/24. How can I achieve this? Thanks
    Unfortunately, this is one of the problems when you use Check Point as a VPN device. You would not have this problem if you were using Cisco IOS routers or ASA.

    You can work around the problem by CIDR... like

    10.50.0.0/22
    10.50.4.0/24
    10.50.5.0/24
    10.50.6.0/24
    ...

    10.50.7.0/24
    10.50.8.0/22
    ..
    you know how that goes.

    Use GUIEdit to change the ike_largest_possible_subnet from true to false.

    I think it will work for you. Convoluted but doable, IMHO.
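
The CIDR workaround described in the reply above, as an added example that is not part of either post: it computes the smallest set of CIDR blocks that covers a supernet while leaving one subnet as its own separate object, then checks that the pieces still add up to the original range. It generalizes to any supernet and subnet pair; the function names `split_around` and `is_exact_partition` are hypothetical helpers, not Check Point tooling.

```python
import ipaddress


def split_around(supernet, carve_out):
    """Return (carve_out_network, remainder).

    remainder is the minimal sorted list of CIDR blocks that covers
    supernet with carve_out removed, so carve_out can be defined as a
    separate network object for the site-to-site tunnel.
    """
    sup = ipaddress.ip_network(supernet)
    sub = ipaddress.ip_network(carve_out)
    if not sub.subnet_of(sup):
        raise ValueError(f"{sub} is not inside {sup}")
    # address_exclude() yields the sibling block at every prefix length
    # between the supernet and the carved-out subnet.
    return sub, sorted(sup.address_exclude(sub))


def is_exact_partition(supernet, blocks):
    """True if blocks cover supernet exactly, with no gap and no overlap."""
    sup = ipaddress.ip_network(supernet)
    nets = [ipaddress.ip_network(str(b)) for b in blocks]
    # Collapsing must give back the supernet (no gaps, nothing outside it).
    if list(ipaddress.collapse_addresses(nets)) != [sup]:
        return False
    # Equal address counts rule out overlapping or duplicated blocks.
    return sum(n.num_addresses for n in nets) == sup.num_addresses


if __name__ == "__main__":
    # Values taken from the thread: the /16 domain and the /24 wanted
    # for the policy-based tunnel.
    tunnel_net, rest = split_around("10.50.0.0/16", "10.50.6.0/24")
    print("tunnel encryption domain:", tunnel_net)
    for net in rest:
        print("remaining block:", net)
    print("still covers the /16:",
          is_exact_partition("10.50.0.0/16", [tunnel_net] + rest))
```

The remainder is a minimal decomposition, so it uses fewer and larger blocks than a hand-written list of /24s would, while covering the same addresses.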
