{"id":412,"date":"2010-04-08T13:09:28","date_gmt":"2010-04-08T13:09:28","guid":{"rendered":"https:\/\/fir3netwp.gmsrrpobkbd.com\/2010\/04\/08\/creating-a-basic-route-based-vpn-between-2-checkpoint-firewalls\/"},"modified":"2023-02-24T13:07:46","modified_gmt":"2023-02-24T13:07:46","slug":"creating-a-basic-route-based-vpn-between-2-checkpoint-firewalls","status":"publish","type":"post","link":"https:\/\/www.fir3net.com\/Firewalls\/Check-Point\/creating-a-basic-route-based-vpn-between-2-checkpoint-firewalls.html","title":{"rendered":"Create a Basic Route Based VPN between 2 Check Point Firewalls"},"content":{"rendered":"<p>Within this example we will build a Route Based VPN between 2 SPLAT R65 NGX Check Point Firewalls. Static Routes will used to direct the traffic via the VPN Tunnel Interfaces.<\/p>\n<p>In this example both Firewalls are managed by the same manager. The gateways are :<\/p>\n<ul>\n<li>Site A &#8211; External 192.168.1.1 Inside 10.1.1.1<\/li>\n<li>Site B &#8211; External 192.168.2.1 Inside 10.1.2.1<\/li>\n<\/ul>\n<p>In order to build a route based vpn we need to create VPN Tunnel Interfaces. A VPN Tunnel Interface is a virtual interface on a VPN-1 module, which is associated with an existing VPN tunnel, and is used by IP routing as a point to point interface directly connected to a VPN peer gateway.<\/p>\n<p><span style=\"text-decoration: underline;\"><strong>Virtual Tunnel Interfaces (VTI&#8217;s)<\/strong><\/span><\/p>\n<p>VTIs can be created only on SPLAT and IPSO (3.9 or above). Though you can only create numbered VTIs within SPLAT. A numbered tunnel interface has a unique IP address assigned to it, while an unnumbered tunnel interface does not.<br \/>\nIn order to create VTI`s you will need to ensure you are running SPLAT Pro. And that the Dynamic Routing feature is enabled. You will also need the nessecary license for this feature.<\/p>\n<p><span style=\"text-decoration: underline;\"><strong>Steps <\/strong><\/span><\/p>\n<p><strong>Create Object<\/strong><\/p>\n<ol>\n<li>Create a Group Object called Empty containing no objects within SmartDashboard<\/li>\n<\/ol>\n<p><strong>Site A<\/strong><\/p>\n<ol>\n<li>Create the VTI by running the command on Site A&#8217;s CLI :\n<pre class=\"prettyprint\">vpn shell i a n 22.22.22.1 22.22.22.2 SiteB<\/pre>\n<\/li>\n<li>Within the Gateway Object under Topology add you Object named Empty as your VPN Domain.<\/li>\n<li>Within the Gateway Object under Topology use the &#8220;Get&#8221; icon to retrive your new VPN Tunnel Interface (VTI).<\/li>\n<\/ol>\n<p><strong>Site B<\/strong><\/p>\n<ol>\n<li>Create the VTI by running the command on Site B&#8217;s CLI :\n<pre class=\"prettyprint\">vpn shell i a n 22.22.22.2 22.22.22.1 SiteA<\/pre>\n<\/li>\n<li>Within the Gateway Object under Topology add you Object named Empty as your VPN Domain.<\/li>\n<li>Within the Gateway Object under Topology use the &#8220;Get&#8221; icon to retrive your new VPN Tunnel Interface (VTI).<\/li>\n<\/ol>\n<p><strong>General<\/strong><\/p>\n<ol>\n<li>Create a new Meshed Site-2-Site Community within the VPN Community Tab.<\/li>\n<li>Under General select Accept All Encrypted Traffic<\/li>\n<li>Under Paricitpating Gateways add both Site A and Site B.<\/li>\n<li>Push the Policy to both gateways.<\/li>\n<\/ol>\n<p><strong>Add Static Routes<\/strong><\/p>\n<ol>\n<li>On Site A add the following commands via the CLI :\n<pre class=\"prettyprint\">route add -net 10.1.1.0 netmask 255.255.255.0 dev vt-SiteB ; route --save<\/pre>\n<\/li>\n<li>On Site B add the following commands via the CLI :\n<pre class=\"prettyprint\">route add -net 10.1.2.0 netmask 255.255.255.0 dev vt-SiteA ; route --save<\/pre>\n<\/li>\n<\/ol>\n<p><strong><em>Additional Notes :<\/em><\/strong><\/p>\n<p>Below shows you the syntax used to create the VTIs :<\/p>\n<pre class=\"prettyprint\">[Expert@fw]# vpn shell i a n\r\nUsage: \/interface\/add\/numbered &lt;LocalIP&gt; &lt;RemoteIP&gt; &lt;PeerName&gt; [IfName]\r\n\u00a0 LocalIP\u00a0 - The local IP of the tunnel\r\n\u00a0 RemoteIP - The remote IP of the tunnel\r\n\u00a0 PeerName - The peer to attach to this interface\r\n\u00a0 IfName\u00a0\u00a0 - The name of the interface to be used<\/pre>\n<p><em><strong>Additional Resources :<\/strong><\/em><\/p>\n<p>For further information on Route Based Check Point VPNs along with how to create a Route Based VPN between a Cisco device and Check Point device <a href=\"http:\/\/dl3.checkpoint.com\/paid\/95\/Route_Based_VPN_with_Cisco_VPN_Devices.pdf?HashKey=1270734907_17eaf1beffd4ec96f8bb4ffe747bb6e2&amp;xtn=.pdf\" class=\"broken_link\">please see here <\/a><br \/>\n<em>(You will need to login into the Check Point UserCentre prior to accessing this link) <\/em><\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Within this example we will build a Route Based VPN between 2 SPLAT R65 NGX Check Point Firewalls. Static Routes will used to direct the traffic via the VPN Tunnel Interfaces. In this example both Firewalls are managed by the same manager. The gateways are : Site A &#8211; External 192.168.1.1 Inside 10.1.1.1 Site B &#8230; <a title=\"Create a Basic Route Based VPN between 2 Check Point Firewalls\" class=\"read-more\" href=\"https:\/\/www.fir3net.com\/Firewalls\/Check-Point\/creating-a-basic-route-based-vpn-between-2-checkpoint-firewalls.html\" aria-label=\"Read more about Create a Basic Route Based VPN between 2 Check Point Firewalls\">Read more<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[17],"tags":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Create a Basic Route Based VPN between 2 Check Point Firewalls<\/title>\n<meta name=\"description\" content=\"Within this example we will build a Route Based VPN between 2 SPLAT R65 NGX Check Point Firewalls. Static Routes will used to direct the traffic via the\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.fir3net.com\/Firewalls\/Check-Point\/creating-a-basic-route-based-vpn-between-2-checkpoint-firewalls.html\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Create a Basic Route Based VPN between 2 Check Point Firewalls\" \/>\n<meta property=\"og:description\" content=\"Within this example we will build a Route Based VPN between 2 SPLAT R65 NGX Check Point Firewalls. Static Routes will used to direct the traffic via the\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.fir3net.com\/Firewalls\/Check-Point\/creating-a-basic-route-based-vpn-between-2-checkpoint-firewalls.html\" \/>\n<meta property=\"og:site_name\" content=\"Fir3net\" \/>\n<meta property=\"article:published_time\" content=\"2010-04-08T13:09:28+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-02-24T13:07:46+00:00\" \/>\n<meta name=\"author\" content=\"Rick Donato\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Rick Donato\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.fir3net.com\/Firewalls\/Check-Point\/creating-a-basic-route-based-vpn-between-2-checkpoint-firewalls.html#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.fir3net.com\/Firewalls\/Check-Point\/creating-a-basic-route-based-vpn-between-2-checkpoint-firewalls.html\"},\"author\":{\"name\":\"Rick Donato\",\"@id\":\"https:\/\/www.fir3net.com\/#\/schema\/person\/ab35009601b7687ee1c5310be6038037\"},\"headline\":\"Create a Basic Route Based VPN between 2 Check Point Firewalls\",\"datePublished\":\"2010-04-08T13:09:28+00:00\",\"dateModified\":\"2023-02-24T13:07:46+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.fir3net.com\/Firewalls\/Check-Point\/creating-a-basic-route-based-vpn-between-2-checkpoint-firewalls.html\"},\"wordCount\":422,\"publisher\":{\"@id\":\"https:\/\/www.fir3net.com\/#organization\"},\"articleSection\":[\"Check Point Firewalls\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.fir3net.com\/Firewalls\/Check-Point\/creating-a-basic-route-based-vpn-between-2-checkpoint-firewalls.html\",\"url\":\"https:\/\/www.fir3net.com\/Firewalls\/Check-Point\/creating-a-basic-route-based-vpn-between-2-checkpoint-firewalls.html\",\"name\":\"Create a Basic Route Based VPN between 2 Check Point Firewalls\",\"isPartOf\":{\"@id\":\"https:\/\/www.fir3net.com\/#website\"},\"datePublished\":\"2010-04-08T13:09:28+00:00\",\"dateModified\":\"2023-02-24T13:07:46+00:00\",\"description\":\"Within this example we will build a Route Based VPN between 2 SPLAT R65 NGX Check Point Firewalls. Static Routes will used to direct the traffic via the\",\"breadcrumb\":{\"@id\":\"https:\/\/www.fir3net.com\/Firewalls\/Check-Point\/creating-a-basic-route-based-vpn-between-2-checkpoint-firewalls.html#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.fir3net.com\/Firewalls\/Check-Point\/creating-a-basic-route-based-vpn-between-2-checkpoint-firewalls.html\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.fir3net.com\/Firewalls\/Check-Point\/creating-a-basic-route-based-vpn-between-2-checkpoint-firewalls.html#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.fir3net.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Security\",\"item\":\"https:\/\/www.fir3net.com\/security\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Firewalls\",\"item\":\"https:\/\/www.fir3net.com\/security\/firewalls\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Check Point Firewalls\",\"item\":\"https:\/\/www.fir3net.com\/security\/firewalls\/check-point\"},{\"@type\":\"ListItem\",\"position\":5,\"name\":\"Create a Basic Route Based VPN between 2 Check Point Firewalls\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.fir3net.com\/#website\",\"url\":\"https:\/\/www.fir3net.com\/\",\"name\":\"Fir3net\",\"description\":\"Keeping you in the know\",\"publisher\":{\"@id\":\"https:\/\/www.fir3net.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.fir3net.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.fir3net.com\/#organization\",\"name\":\"Fir3net\",\"url\":\"https:\/\/www.fir3net.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.fir3net.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.fir3net.com\/wp-content\/uploads\/Fir3net-Background-Logo-compressed.png\",\"contentUrl\":\"https:\/\/www.fir3net.com\/wp-content\/uploads\/Fir3net-Background-Logo-compressed.png\",\"width\":390,\"height\":88,\"caption\":\"Fir3net\"},\"image\":{\"@id\":\"https:\/\/www.fir3net.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.fir3net.com\/#\/schema\/person\/ab35009601b7687ee1c5310be6038037\",\"name\":\"Rick Donato\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.fir3net.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d75d69a54c0ca3b32c24c3a9703b623c?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d75d69a54c0ca3b32c24c3a9703b623c?s=96&d=mm&r=g\",\"caption\":\"Rick Donato\"},\"description\":\"Rick Donato is a Network Automation Architect\/Evangelist and the founder of Packet Coders.\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Create a Basic Route Based VPN between 2 Check Point Firewalls","description":"Within this example we will build a Route Based VPN between 2 SPLAT R65 NGX Check Point Firewalls. Static Routes will used to direct the traffic via the","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.fir3net.com\/Firewalls\/Check-Point\/creating-a-basic-route-based-vpn-between-2-checkpoint-firewalls.html","og_locale":"en_US","og_type":"article","og_title":"Create a Basic Route Based VPN between 2 Check Point Firewalls","og_description":"Within this example we will build a Route Based VPN between 2 SPLAT R65 NGX Check Point Firewalls. Static Routes will used to direct the traffic via the","og_url":"https:\/\/www.fir3net.com\/Firewalls\/Check-Point\/creating-a-basic-route-based-vpn-between-2-checkpoint-firewalls.html","og_site_name":"Fir3net","article_published_time":"2010-04-08T13:09:28+00:00","article_modified_time":"2023-02-24T13:07:46+00:00","author":"Rick Donato","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Rick Donato","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.fir3net.com\/Firewalls\/Check-Point\/creating-a-basic-route-based-vpn-between-2-checkpoint-firewalls.html#article","isPartOf":{"@id":"https:\/\/www.fir3net.com\/Firewalls\/Check-Point\/creating-a-basic-route-based-vpn-between-2-checkpoint-firewalls.html"},"author":{"name":"Rick Donato","@id":"https:\/\/www.fir3net.com\/#\/schema\/person\/ab35009601b7687ee1c5310be6038037"},"headline":"Create a Basic Route Based VPN between 2 Check Point Firewalls","datePublished":"2010-04-08T13:09:28+00:00","dateModified":"2023-02-24T13:07:46+00:00","mainEntityOfPage":{"@id":"https:\/\/www.fir3net.com\/Firewalls\/Check-Point\/creating-a-basic-route-based-vpn-between-2-checkpoint-firewalls.html"},"wordCount":422,"publisher":{"@id":"https:\/\/www.fir3net.com\/#organization"},"articleSection":["Check Point Firewalls"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.fir3net.com\/Firewalls\/Check-Point\/creating-a-basic-route-based-vpn-between-2-checkpoint-firewalls.html","url":"https:\/\/www.fir3net.com\/Firewalls\/Check-Point\/creating-a-basic-route-based-vpn-between-2-checkpoint-firewalls.html","name":"Create a Basic Route Based VPN between 2 Check Point Firewalls","isPartOf":{"@id":"https:\/\/www.fir3net.com\/#website"},"datePublished":"2010-04-08T13:09:28+00:00","dateModified":"2023-02-24T13:07:46+00:00","description":"Within this example we will build a Route Based VPN between 2 SPLAT R65 NGX Check Point Firewalls. Static Routes will used to direct the traffic via the","breadcrumb":{"@id":"https:\/\/www.fir3net.com\/Firewalls\/Check-Point\/creating-a-basic-route-based-vpn-between-2-checkpoint-firewalls.html#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.fir3net.com\/Firewalls\/Check-Point\/creating-a-basic-route-based-vpn-between-2-checkpoint-firewalls.html"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.fir3net.com\/Firewalls\/Check-Point\/creating-a-basic-route-based-vpn-between-2-checkpoint-firewalls.html#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.fir3net.com\/"},{"@type":"ListItem","position":2,"name":"Security","item":"https:\/\/www.fir3net.com\/security"},{"@type":"ListItem","position":3,"name":"Firewalls","item":"https:\/\/www.fir3net.com\/security\/firewalls"},{"@type":"ListItem","position":4,"name":"Check Point Firewalls","item":"https:\/\/www.fir3net.com\/security\/firewalls\/check-point"},{"@type":"ListItem","position":5,"name":"Create a Basic Route Based VPN between 2 Check Point Firewalls"}]},{"@type":"WebSite","@id":"https:\/\/www.fir3net.com\/#website","url":"https:\/\/www.fir3net.com\/","name":"Fir3net","description":"Keeping you in the know","publisher":{"@id":"https:\/\/www.fir3net.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.fir3net.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.fir3net.com\/#organization","name":"Fir3net","url":"https:\/\/www.fir3net.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.fir3net.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.fir3net.com\/wp-content\/uploads\/Fir3net-Background-Logo-compressed.png","contentUrl":"https:\/\/www.fir3net.com\/wp-content\/uploads\/Fir3net-Background-Logo-compressed.png","width":390,"height":88,"caption":"Fir3net"},"image":{"@id":"https:\/\/www.fir3net.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.fir3net.com\/#\/schema\/person\/ab35009601b7687ee1c5310be6038037","name":"Rick Donato","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.fir3net.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/d75d69a54c0ca3b32c24c3a9703b623c?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d75d69a54c0ca3b32c24c3a9703b623c?s=96&d=mm&r=g","caption":"Rick Donato"},"description":"Rick Donato is a Network Automation Architect\/Evangelist and the founder of Packet Coders."}]}},"_links":{"self":[{"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/posts\/412"}],"collection":[{"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/comments?post=412"}],"version-history":[{"count":1,"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/posts\/412\/revisions"}],"predecessor-version":[{"id":3443,"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/posts\/412\/revisions\/3443"}],"wp:attachment":[{"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/media?parent=412"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/categories?post=412"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/tags?post=412"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}