https://community.checkpoint.com/t5/Firewall-and-Security-Management/Redundant-VPN-Connection-using-ISP-L2-connection-and-S2S-VPN/m-p/113672#M15865 <P>Dear mates,</P><P>&nbsp;</P><P>Currently, I have a VPN setup between 2 locations wherein Primary premises I have a cluster and at DR a single GW.</P><P>We are using a Site to Site VPN and now we need to add a 2nd L2 line connection as primary and keep the Site-to-Site as a secondary.</P><P>&nbsp;</P><P>The GWs now, are connected with each end of L2 line and between there is also one switch. (GW -&gt; switch -&gt; end of L2 connection -&gt; end of DR L2 connection -&gt;GW)</P><P>Here are the steps we try so far:</P><P>1. Create a new VLAN for the L2 connection.<BR />2. Assign the new VLAN’s IPs to the GWs and the switch interface.</P><P>3. Create new IP routes on both GWs to redirect traffic to pass from L2 Connection. -&gt; Failed to work.</P><P>5. Create 2 new GWs as Interoperable Device and modify Site to Site VPN using new GWs object with internal L2 IPs. -&gt; Failed to work.</P><P>6.Remove IP routes</P><P>&nbsp;</P><P>The plan is to keep the Site to Site VPN and also pass the traffic through the L2 connection encrypted.</P><P>Regarding link redundancy mode, please note that we have also other remote locations and I think I can't use it.</P><P>&nbsp;</P><P>Any ideas?</P><P>Thank you.</P><P>&nbsp;</P> Tue, 16 Mar 2021 13:46:21 GMT SdanteMate 2021-03-16T13:46:21Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Redundant-VPN-Connection-using-ISP-L2-connection-and-S2S-VPN/m-p/113672#M15865 <P>Dear mates,</P><P>&nbsp;</P><P>Currently, I have a VPN setup between 2 locations wherein Primary premises I have a cluster and at DR a single GW.</P><P>We are using a Site to Site VPN and now we need to add a 2nd L2 line connection as primary and keep the Site-to-Site as a secondary.</P><P>&nbsp;</P><P>The GWs now, are connected with each end of L2 line and between there is also one switch. (GW -&gt; switch -&gt; end of L2 connection -&gt; end of DR L2 connection -&gt;GW)</P><P>Here are the steps we try so far:</P><P>1. Create a new VLAN for the L2 connection.<BR />2. Assign the new VLAN’s IPs to the GWs and the switch interface.</P><P>3. Create new IP routes on both GWs to redirect traffic to pass from L2 Connection. -&gt; Failed to work.</P><P>5. Create 2 new GWs as Interoperable Device and modify Site to Site VPN using new GWs object with internal L2 IPs. -&gt; Failed to work.</P><P>6.Remove IP routes</P><P>&nbsp;</P><P>The plan is to keep the Site to Site VPN and also pass the traffic through the L2 connection encrypted.</P><P>Regarding link redundancy mode, please note that we have also other remote locations and I think I can't use it.</P><P>&nbsp;</P><P>Any ideas?</P><P>Thank you.</P><P>&nbsp;</P> Tue, 16 Mar 2021 13:46:21 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Redundant-VPN-Connection-using-ISP-L2-connection-and-S2S-VPN/m-p/113672#M15865 SdanteMate 2021-03-16T13:46:21Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Redundant-VPN-Connection-using-ISP-L2-connection-and-S2S-VPN/m-p/113952#M15909 <P>Did you change the Link Selection settings at all?<BR />This is required if you're going to change the IP used for the VPN.<BR />Also, are you still encrypting IPsec on the L2 connection?</P> Thu, 18 Mar 2021 15:14:48 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Redundant-VPN-Connection-using-ISP-L2-connection-and-S2S-VPN/m-p/113952#M15909 PhoneBoy 2021-03-18T15:14:48Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Redundant-VPN-Connection-using-ISP-L2-connection-and-S2S-VPN/m-p/114067#M15924 <P>Many thank for the response.</P><P>&nbsp;</P><P>I didn't change the Link Selection settings as I have many locations connected with HQ and I need to change only one of them.</P><P>Currently, the Link Section is at the Main address. If we ignore the redundant connection. There is a way just to replace the Site to Site VPN and configure a new one with privates IPs on L2 connection?</P><P>No, the ISP doesn't encrypt the L2 connection.</P><P>Thank you.</P> Fri, 19 Mar 2021 09:44:07 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Redundant-VPN-Connection-using-ISP-L2-connection-and-S2S-VPN/m-p/114067#M15924 SdanteMate 2021-03-19T09:44:07Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Redundant-VPN-Connection-using-ISP-L2-connection-and-S2S-VPN/m-p/114133#M15944 <P><SPAN>Maybe try to use "Calculate IP based on network Topology."<BR />As long as you have more specific routes for that VPN over L2, I believe it will choose the correct IP.</SPAN></P> <P>&nbsp;</P> Sat, 20 Mar 2021 06:50:45 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Redundant-VPN-Connection-using-ISP-L2-connection-and-S2S-VPN/m-p/114133#M15944 PhoneBoy 2021-03-20T06:50:45Z