https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-tunnel-redundancy-on-CP-and-also-on-ASA-peer-Any-way-to/m-p/133084#M19776 <P>CP Checkmates,!</P><P><U><BR />The setup we have in place for SITE to SITE VPN:</U></P><P>Star community has 2 CP Clusters defined and 1 ASA object under satellite. MEP has enabled hence the failover works fine should one of the CPs become unresponsive.<BR /><BR />SMS/Gateways are at R80.30.</P><P><U>Requirement:</U></P><P>We need to add redundancy on the peer side as well. (Basically, one more peer needs to be added along with ASA-Main, which would be ASA-DR.)</P><P><U>Problem:</U></P><P>When we add ASA-DR, along with ASA-Main, both tunnels come up and cause an outage.<BR />For now, we have removed the ASA-DR to keep the setup in a working state.</P><P><BR />I am looking for any possible solutions, please.&nbsp;<BR /><BR />Thanks,<BR />YM</P> Tue, 02 Nov 2021 20:22:52 GMT YuvrajMe147 2021-11-02T20:22:52Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-tunnel-redundancy-on-CP-and-also-on-ASA-peer-Any-way-to/m-p/133084#M19776 <P>CP Checkmates,!</P><P><U><BR />The setup we have in place for SITE to SITE VPN:</U></P><P>Star community has 2 CP Clusters defined and 1 ASA object under satellite. MEP has enabled hence the failover works fine should one of the CPs become unresponsive.<BR /><BR />SMS/Gateways are at R80.30.</P><P><U>Requirement:</U></P><P>We need to add redundancy on the peer side as well. (Basically, one more peer needs to be added along with ASA-Main, which would be ASA-DR.)</P><P><U>Problem:</U></P><P>When we add ASA-DR, along with ASA-Main, both tunnels come up and cause an outage.<BR />For now, we have removed the ASA-DR to keep the setup in a working state.</P><P><BR />I am looking for any possible solutions, please.&nbsp;<BR /><BR />Thanks,<BR />YM</P> Tue, 02 Nov 2021 20:22:52 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-tunnel-redundancy-on-CP-and-also-on-ASA-peer-Any-way-to/m-p/133084#M19776 YuvrajMe147 2021-11-02T20:22:52Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-tunnel-redundancy-on-CP-and-also-on-ASA-peer-Any-way-to/m-p/133252#M19820 <P>Is there anyone who could shed a light on this topic?</P> Thu, 04 Nov 2021 16:25:28 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-tunnel-redundancy-on-CP-and-also-on-ASA-peer-Any-way-to/m-p/133252#M19820 YuvrajMe147 2021-11-04T16:25:28Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-tunnel-redundancy-on-CP-and-also-on-ASA-peer-Any-way-to/m-p/133278#M19822 <P>I’m not 100% on if this would work but am chiming in since there aren’t any responses yet.&nbsp;<BR /><BR />In my head it seems like a route based VPN could work for this setup.&nbsp;<BR /><BR /></P> <P>I would imagine you could set priorities on the routes for relevant traffic to prefer the primary peer.</P> Fri, 05 Nov 2021 04:11:21 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-tunnel-redundancy-on-CP-and-also-on-ASA-peer-Any-way-to/m-p/133278#M19822 mcatanzaro 2021-11-05T04:11:21Z