https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-routing-between-Two-Domain-Based-IPsec-VPN/m-p/56971#M4281 <P>Hello ,</P><P>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;Thank you for the response, The same configuration we had implemented , but when we had a call with the checkpoint support for validation they mention that as the Satellite G/Ws (frontend and backend ) both are 3rd party.&nbsp;</P><P>The configuration would be as follows ::</P><P>One Community with Checkpoint Fw as center and rest of the two as Satellite.</P><P>Note :: We want some new different configuration for this one is because, the one checkpoint suggested needs to have the same VPN phase 1 and 2 parameters for both the third party gateway.&nbsp;</P><P>And in the future we will be having multiple frontend VPN tunnels , so keeping the VPN parameters same would not help really well.</P><P>Moreover, if you say there should be two different communities , the could you please let us know how the VPN routing between these two is going to take place.</P><P>Regards</P><P>Mrigen Sane&nbsp;&nbsp;</P> Fri, 28 Jun 2019 15:30:03 GMT Mrigen_Sane 2019-06-28T15:30:03Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-routing-between-Two-Domain-Based-IPsec-VPN/m-p/56873#M4275 <P>Hello All,</P><P>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; We have configured two Domain based tunnels as (Satellite G/Ws) and our checkpoint FW 12400 running on R77.30 Jumbo take&nbsp;&nbsp;Take: 302.</P><P>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;</P><P>Cisco ASA &lt;----IPSec VPN(&nbsp;Backend Tunnel)-----&gt; Checkpoint FW 12400&nbsp;&nbsp;&lt;----IPSec VPN &nbsp;(Frontend Tunnel)-----&gt;&nbsp; Cisco PIX FW</P><P>So now the question is for the VPN routing and and can we have two different communities with different Phase 1 and 2 parameters.</P><P>&nbsp;</P><P>Please share any other configuration method you come across under this scenario.</P><P>&nbsp;</P><P>Regards,</P><P>Mrigen Sane</P> Thu, 27 Jun 2019 18:32:03 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-routing-between-Two-Domain-Based-IPsec-VPN/m-p/56873#M4275 Mrigen_Sane 2019-06-27T18:32:03Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-routing-between-Two-Domain-Based-IPsec-VPN/m-p/56886#M4279 You would have two different VPN communities, one with the backend tunnel, and one with the frontend tunnel.<BR />Each community can have different Phase 1/2 settings. Thu, 27 Jun 2019 22:17:15 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-routing-between-Two-Domain-Based-IPsec-VPN/m-p/56886#M4279 PhoneBoy 2019-06-27T22:17:15Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-routing-between-Two-Domain-Based-IPsec-VPN/m-p/56971#M4281 <P>Hello ,</P><P>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;Thank you for the response, The same configuration we had implemented , but when we had a call with the checkpoint support for validation they mention that as the Satellite G/Ws (frontend and backend ) both are 3rd party.&nbsp;</P><P>The configuration would be as follows ::</P><P>One Community with Checkpoint Fw as center and rest of the two as Satellite.</P><P>Note :: We want some new different configuration for this one is because, the one checkpoint suggested needs to have the same VPN phase 1 and 2 parameters for both the third party gateway.&nbsp;</P><P>And in the future we will be having multiple frontend VPN tunnels , so keeping the VPN parameters same would not help really well.</P><P>Moreover, if you say there should be two different communities , the could you please let us know how the VPN routing between these two is going to take place.</P><P>Regards</P><P>Mrigen Sane&nbsp;&nbsp;</P> Fri, 28 Jun 2019 15:30:03 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-routing-between-Two-Domain-Based-IPsec-VPN/m-p/56971#M4281 Mrigen_Sane 2019-06-28T15:30:03Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-routing-between-Two-Domain-Based-IPsec-VPN/m-p/56996#M4282 I guess I missed the part where the third party VPN endpoints need to talk to each other.<BR />Unfortunately, members of the same VPN Community must all use the same encryption settings.<BR />And, if you're using different VPN communities, cross-community traffic would not normally be allowed.<BR />Maybe this would work with a Route-Based VPN, as opposed to Domain-Based VPNs, I'm not sure. Fri, 28 Jun 2019 22:06:34 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-routing-between-Two-Domain-Based-IPsec-VPN/m-p/56996#M4282 PhoneBoy 2019-06-28T22:06:34Z