https://community.checkpoint.com/t5/Firewall-and-Security-Management/IPsec-VPN-termination-on-Loopback-interfaces-R80-40/m-p/99151#M10375 <P>Hi Team,</P><P>I am planning to create a loopback interfaces on my HA cluster with same Public&nbsp; IP to terminate the IPsec VPN tunnels. It is required as I am having private IP address on external interface and I don't want to NAT the IP on Internet router.</P><P>Questions:</P><P>1. Is that setup feasible , Shall I give the same public IP on both the members as loopback interfaces are not a part of cluster.</P><P>2. How would I choose the loopback interface IP&nbsp; as an&nbsp; Peer IP under Gateway Cluster properties -&gt; IPsec VPN -&gt; Link Selection I don't see an option to set this IP to be used as VPN peer IP for my third parties.</P><P>3. How this loopback interface&nbsp; chooses physical interfaces to route its traffic&nbsp;</P><P>&nbsp;</P><P>Regards</P><P>Anshu Bathla</P> Thu, 15 Oct 2020 06:08:46 GMT ab 2020-10-15T06:08:46Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/IPsec-VPN-termination-on-Loopback-interfaces-R80-40/m-p/99151#M10375 <P>Hi Team,</P><P>I am planning to create a loopback interfaces on my HA cluster with same Public&nbsp; IP to terminate the IPsec VPN tunnels. It is required as I am having private IP address on external interface and I don't want to NAT the IP on Internet router.</P><P>Questions:</P><P>1. Is that setup feasible , Shall I give the same public IP on both the members as loopback interfaces are not a part of cluster.</P><P>2. How would I choose the loopback interface IP&nbsp; as an&nbsp; Peer IP under Gateway Cluster properties -&gt; IPsec VPN -&gt; Link Selection I don't see an option to set this IP to be used as VPN peer IP for my third parties.</P><P>3. How this loopback interface&nbsp; chooses physical interfaces to route its traffic&nbsp;</P><P>&nbsp;</P><P>Regards</P><P>Anshu Bathla</P> Thu, 15 Oct 2020 06:08:46 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/IPsec-VPN-termination-on-Loopback-interfaces-R80-40/m-p/99151#M10375 ab 2020-10-15T06:08:46Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/IPsec-VPN-termination-on-Loopback-interfaces-R80-40/m-p/99156#M10376 <P><a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/31573">@ab</a>&nbsp;</P> <P><EM>1. Is that setup feasible , Shall I give the same public IP on both the members as loopback interfaces are not a part of cluster.</EM></P> <P>That's not possible for your needs. You have to create a dummy cluster-interface. The members are assigned private IPs and the VIP will be your public IP.</P> <P>With these configuration you can choose your public IP in all the needed sections in VPN link selection.</P> <P>Wolfgang</P> <P>&nbsp;</P> Thu, 15 Oct 2020 06:38:18 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/IPsec-VPN-termination-on-Loopback-interfaces-R80-40/m-p/99156#M10376 Wolfgang 2020-10-15T06:38:18Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/IPsec-VPN-termination-on-Loopback-interfaces-R80-40/m-p/99160#M10377 <P>Thanks Wolfgang,</P><P>Shall I consider that&nbsp;as of now terminating the IPsec VPN is not at all possible on Loopback interfaces&nbsp; on Checkpoint Firewalls?</P> Thu, 15 Oct 2020 07:04:27 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/IPsec-VPN-termination-on-Loopback-interfaces-R80-40/m-p/99160#M10377 ab 2020-10-15T07:04:27Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/IPsec-VPN-termination-on-Loopback-interfaces-R80-40/m-p/99377#M10378 <P>Just set the Link Selection IP to a static IP which does not have to be associated with a gateway interface at all.</P> Sun, 18 Oct 2020 05:32:28 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/IPsec-VPN-termination-on-Loopback-interfaces-R80-40/m-p/99377#M10378 PhoneBoy 2020-10-18T05:32:28Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/IPsec-VPN-termination-on-Loopback-interfaces-R80-40/m-p/100123#M10379 <P>Hi Anshu,</P><P>we also have the same requirement, Were u able to make it work with the dummy cluster interface. Please share your feedback</P> Mon, 26 Oct 2020 08:08:53 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/IPsec-VPN-termination-on-Loopback-interfaces-R80-40/m-p/100123#M10379 libin 2020-10-26T08:08:53Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/IPsec-VPN-termination-on-Loopback-interfaces-R80-40/m-p/257149#M50381 <P>HI,</P><P>have you any feedback for this configuration? can we finalise the VPN IPSEC on a dummy INterface ?</P><P>What doesn't it mean exactly? should I define on GAIA System also an interface with the private IP address then define the public IP addresse on the CLuster Topologie?</P><P>Thank you for your reply</P> Fri, 12 Sep 2025 06:51:05 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/IPsec-VPN-termination-on-Loopback-interfaces-R80-40/m-p/257149#M50381 laurent_ragon 2025-09-12T06:51:05Z