https://community.checkpoint.com/t5/Firewall-and-Security-Management/checkpoint-unnnumbered-vti-tunnel/m-p/124618#M17981 <P>Not clear what the requirement is here.<BR />Do you want to initiate the VPN from either IP or a specific IP.<BR />In any case, it's the Link Selection setting in the gateway object that will control what the VPN is initiated with.</P> Wed, 21 Jul 2021 22:32:01 GMT PhoneBoy 2021-07-21T22:32:01Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/checkpoint-unnnumbered-vti-tunnel/m-p/124343#M17932 <P>Hello</P><P>&nbsp;</P><P>&nbsp;</P><P>we have clusterX with 2 ISP peers with BGP</P><P>network between cluster and ISP1 : 31.154.10.0/29</P><P>network between cluster and ISP2 : 31.154.11.0/29</P><P>we have 2 bgp peers to each ISP and we redistitbute the following network 31.154.12.0/27 (no physical nic related to that network only NAT to DMZ devices) from both&nbsp;</P><P>&nbsp;</P><P>we have ipsec to customer from ISP1 with his physical address, and now we want to enable option to create the peer also from the ISP2 nic.</P><P>&nbsp;</P><P>can we use&nbsp;unnembered vti tunnel with loopback address from 31.154.12.0/27 and create the peer with the customer with that ip address ?</P><P>then its will be managed from BGP and peer will be able to establish from both nic with 1 IP.</P><P>&nbsp;</P><P>i didnt find explained documents&nbsp;</P> Mon, 19 Jul 2021 15:33:59 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/checkpoint-unnnumbered-vti-tunnel/m-p/124343#M17932 asher 2021-07-19T15:33:59Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/checkpoint-unnnumbered-vti-tunnel/m-p/124618#M17981 <P>Not clear what the requirement is here.<BR />Do you want to initiate the VPN from either IP or a specific IP.<BR />In any case, it's the Link Selection setting in the gateway object that will control what the VPN is initiated with.</P> Wed, 21 Jul 2021 22:32:01 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/checkpoint-unnnumbered-vti-tunnel/m-p/124618#M17981 PhoneBoy 2021-07-21T22:32:01Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/checkpoint-unnnumbered-vti-tunnel/m-p/124650#M17986 <P>HI</P><P>&nbsp;</P><P>i want to initiate the tunnel from loopback address that will be available from BGP from 2 ISP&nbsp;peers,</P><P>the tunnel is with 3rd party device.</P> Thu, 22 Jul 2021 08:22:11 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/checkpoint-unnnumbered-vti-tunnel/m-p/124650#M17986 asher 2021-07-22T08:22:11Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/checkpoint-unnnumbered-vti-tunnel/m-p/124725#M18000 <P>As I said, this is controlled by the VPN Link Selection setting in the gateway/cluster object.<BR />You specify the relevant IP there.</P> Thu, 22 Jul 2021 22:38:33 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/checkpoint-unnnumbered-vti-tunnel/m-p/124725#M18000 PhoneBoy 2021-07-22T22:38:33Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/checkpoint-unnnumbered-vti-tunnel/m-p/126757#M18347 <P>Hi again</P><P>&nbsp;</P><P>the link selection is useful only when peers is manage locally,</P><P>in my scenario its 3rd party , i follow all the articles and its looks that vti is the best choice for that,</P><P>so there is any detailed guide for the following scenario:</P><P>1. ISP use only 1 public ip&nbsp;</P><P>2. we use 2 available public ip with&nbsp; primary/backup tunnel</P><P>3. when we create tunnel interface on our side we create only 1 vti ?&nbsp;</P><P>4. in the 3rd party side need to create 2 vti ? one for each our public ip ?</P><P>5. our default route 0.0.0.0 is from BGP from both ISP peers&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Thu, 12 Aug 2021 14:37:26 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/checkpoint-unnnumbered-vti-tunnel/m-p/126757#M18347 asher 2021-08-12T14:37:26Z