Site-to-site tunnel between Cisco ASA and Check Point Security Gateway.
Local network: (Cisco ASA)
0.0.0.0 / 0.0.0.0
Remote network: (Check Point)
10.80.0.0 / 24
10.16.5.0 / 25
Reason for using 0's/0's: Conflict in local and remote subnets. Remote end subnet of 10.16.5.0/25 is covered by local subnet of 10.16.0.0/12.
(NAT over the VPN tunnel is not preferred in our case, nor do we want to split 10.16.0.0/12 to exclude 10.16.5.0/25.)
object-group network LOCAL_NETWORK
 network-object 0.0.0.0 0.0.0.0
object-group network REMOTE_NETWORK
 network-object 10.80.0.0 255.255.255.0
 network-object 10.16.5.0 255.255.255.128
access-list VPN-TEST extended permit object-group LOCAL_NETWORK object-group REMOTE_NETWORK object-group TCP_UDP_ICMP
access-list VPN-TEST extended permit object-group REMOTE_NETWORK object-group LOCAL_NETWORK object-group TCP_UDP_ICMP
crypto map VPN 340 match address VPN-TEST
Would there be any issues with this setup in terms of tunnel stability and security?
I haven't done such a setup myself yet; if anybody has had such experience before, I would be glad to get some assistance/advice.
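An added example, not part of the original post: a small Python audit of the object-groups shown above. It flags the any-source local selector and the remote prefix that overlaps the local 10.16.0.0/12, and lists the prefixes the local side would need if 10.16.5.0/25 were carved out instead. The function names are hypothetical; all addresses are taken from the post.

```python
import ipaddress

# Constructed input: the two object-groups from the post, in ASA syntax.
CONFIG = """\
object-group network LOCAL_NETWORK
 network-object 0.0.0.0 0.0.0.0
object-group network REMOTE_NETWORK
 network-object 10.80.0.0 255.255.255.0
 network-object 10.16.5.0 255.255.255.128
"""

def parse_object_groups(text):
    """Return {group_name: [IPv4Network, ...]} from 'object-group network' stanzas."""
    groups, current = {}, None
    for line in text.splitlines():
        words = line.split()
        if words[:2] == ["object-group", "network"] and len(words) == 3:
            current = groups.setdefault(words[2], [])
        elif words[:1] == ["network-object"] and len(words) == 3 and current is not None:
            current.append(ipaddress.ip_network(f"{words[1]}/{words[2]}"))
    return groups

def audit_selectors(local, remote, local_supernet):
    """Findings for crypto ACL selectors local -> remote, given the real local range."""
    findings = []
    for net in local:
        if net.prefixlen == 0:
            findings.append(f"local selector {net} matches any source")
    for net in remote:
        if net.overlaps(local_supernet):
            findings.append(f"remote {net} overlaps local {local_supernet}")
    return findings

def carve_out(supernet, excluded):
    """Prefixes covering supernet minus excluded (the split the post wants to avoid)."""
    return sorted(supernet.address_exclude(excluded))

if __name__ == "__main__":
    groups = parse_object_groups(CONFIG)
    supernet = ipaddress.ip_network("10.16.0.0/12")  # local range named in the post
    for finding in audit_selectors(groups["LOCAL_NETWORK"], groups["REMOTE_NETWORK"], supernet):
        print("FINDING:", finding)
    print("Local selectors if 10.16.5.0/25 were excluded instead:")
    for prefix in carve_out(supernet, groups["REMOTE_NETWORK"][1]):
        print(" ", prefix)
```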