https://community.checkpoint.com/t5/Firewall-and-Security-Management/How-to-specify-secondary-IP-address-in-Checkpoint-S2S-vpn/m-p/230978#M44481 <P>I have 2 site to site VPNs from CP gateway to 2 Fortigates as shown below.</P><P>&nbsp;</P><P>Fortigate_SiteB ---------&nbsp; FortigateA/CPFW (vrrp) ------------Fortigate_SiteC</P><P>&nbsp;</P><P>The FortigateA/CPFW are running VRRP on its 'external' interface.</P><P>The FortigateA/CPFW is behind a NAT device with port forwarding enabled and working toward the VRRP ip.</P><P>&nbsp;</P><P>The VPNs do connect successfully. But when CPFW is the active firewall, Site C gets intermittent timeouts&nbsp;every other minute. (observed when I&nbsp; do continuous ping) . It seems to be reconnecting every so often.</P><P>&nbsp;</P><P>On the FortigateA I have set the LocalID to the secondary ip (vrrp address). Is there a similar setting in CheckpointFW ?</P> Mon, 28 Oct 2024 12:56:36 GMT ANARINE 2024-10-28T12:56:36Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/How-to-specify-secondary-IP-address-in-Checkpoint-S2S-vpn/m-p/230978#M44481 <P>I have 2 site to site VPNs from CP gateway to 2 Fortigates as shown below.</P><P>&nbsp;</P><P>Fortigate_SiteB ---------&nbsp; FortigateA/CPFW (vrrp) ------------Fortigate_SiteC</P><P>&nbsp;</P><P>The FortigateA/CPFW are running VRRP on its 'external' interface.</P><P>The FortigateA/CPFW is behind a NAT device with port forwarding enabled and working toward the VRRP ip.</P><P>&nbsp;</P><P>The VPNs do connect successfully. But when CPFW is the active firewall, Site C gets intermittent timeouts&nbsp;every other minute. (observed when I&nbsp; do continuous ping) . It seems to be reconnecting every so often.</P><P>&nbsp;</P><P>On the FortigateA I have set the LocalID to the secondary ip (vrrp address). Is there a similar setting in CheckpointFW ?</P> Mon, 28 Oct 2024 12:56:36 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/How-to-specify-secondary-IP-address-in-Checkpoint-S2S-vpn/m-p/230978#M44481 ANARINE 2024-10-28T12:56:36Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/How-to-specify-secondary-IP-address-in-Checkpoint-S2S-vpn/m-p/230994#M44486 <P>I assume you’d have to set up <A href="https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_SitetoSiteVPN_AdminGuide/Content/Topics-VPNSG/MEP.htm" target="_self">MEP</A> to support the Remote VPN Peer having more than one IP.</P> Mon, 28 Oct 2024 13:38:21 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/How-to-specify-secondary-IP-address-in-Checkpoint-S2S-vpn/m-p/230994#M44486 PhoneBoy 2024-10-28T13:38:21Z