https://community.checkpoint.com/t5/General-Topics/How-to-configure-VPN-IPSEC-Site-to-Site-with-multiple-Virtual/m-p/163647#M27350 <P>You can read all about Link Selection here:&nbsp;<A href="https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_SitetoSiteVPN_AdminGuide/Content/Topics-VPNSG/Link-Selection.htm?tocpath=Link%20Selection%7C_____0#Link_Selection" target="_blank">https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_SitetoSiteVPN_AdminGuide/Content/Topics-VPNSG/Link-Selection.htm?tocpath=Link%20Selection%7C_____0#Link_Selection</A></P> <P>A routing configuration would assume that the public IPs were available on the interface the traffic is routed out.<BR />Since everything on your gateways is private IPs, this will most definitely not work since the gateway won’t know what the public IP is on that interface.</P> Wed, 30 Nov 2022 02:36:22 GMT PhoneBoy 2022-11-30T02:36:22Z https://community.checkpoint.com/t5/General-Topics/How-to-configure-VPN-IPSEC-Site-to-Site-with-multiple-Virtual/m-p/163573#M27316 <P>Hello Mates!</P><P>&nbsp;</P><P>Let me explain the scenario... We have a big customer that has a cloudguard cluster. This cluster is behind of an OCI (<A href="https://www.google.com/url?sa=t&amp;rct=j&amp;q=&amp;esrc=s&amp;source=web&amp;cd=&amp;cad=rja&amp;uact=8&amp;ved=2ahUKEwj18qvs09P7AhXpBrkGHdhpACkQFnoECA0QAQ&amp;url=https%3A%2F%2Fwww.oracle.com%2Fbr%2Fcloud%2F&amp;usg=AOvVaw2HTvoWos9eCYss3mwOCjhn" target="_self">Oracle Cloud Infrastructure</A>) . This OCI manage IPs from public to private and the gateway just see the private IPs.</P><P>My gateway interfaces is like this:</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="image_2022-11-29_121241033.png" style="width: 596px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/18595i76532EEE5C27470C/image-size/large?v=v2&amp;px=999" role="button" title="image_2022-11-29_121241033.png" alt="image_2022-11-29_121241033.png" /></span></P><P>This customer has many ranges of public IPs, so that each peer partner will use one of these public IPs to establish the VPN tunnel.</P><P>My doubt is: How can I configure all these IPs on the CP side so that it can respond for all partners, each one with a different IP?</P><P>Normally, in the VPN link selection, we set an IP that will respond to all partners.</P><P>Is it supported on Check Point?</P><P>Any advice?</P><P>Thank you!</P> Tue, 29 Nov 2022 15:13:55 GMT https://community.checkpoint.com/t5/General-Topics/How-to-configure-VPN-IPSEC-Site-to-Site-with-multiple-Virtual/m-p/163573#M27316 Bernardes 2022-11-29T15:13:55Z https://community.checkpoint.com/t5/General-Topics/How-to-configure-VPN-IPSEC-Site-to-Site-with-multiple-Virtual/m-p/163616#M27327 <P>Can you directly specify what peer uses what IP for Link Selection? No.<BR />It would have to be done with routing, which given this scenario, may not be an option.&nbsp;</P> Tue, 29 Nov 2022 20:41:11 GMT https://community.checkpoint.com/t5/General-Topics/How-to-configure-VPN-IPSEC-Site-to-Site-with-multiple-Virtual/m-p/163616#M27327 PhoneBoy 2022-11-29T20:41:11Z https://community.checkpoint.com/t5/General-Topics/How-to-configure-VPN-IPSEC-Site-to-Site-with-multiple-Virtual/m-p/163629#M27335 <P>Hello&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/7">@PhoneBoy</a>&nbsp;. How could I use routing to make this?</P><P>I try to search for any documentation to help me with this configuration, but I guess that I'm not searching for the right keywords.</P><P>Have any way to make this work?</P> Tue, 29 Nov 2022 22:52:27 GMT https://community.checkpoint.com/t5/General-Topics/How-to-configure-VPN-IPSEC-Site-to-Site-with-multiple-Virtual/m-p/163629#M27335 Bernardes 2022-11-29T22:52:27Z https://community.checkpoint.com/t5/General-Topics/How-to-configure-VPN-IPSEC-Site-to-Site-with-multiple-Virtual/m-p/163647#M27350 <P>You can read all about Link Selection here:&nbsp;<A href="https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_SitetoSiteVPN_AdminGuide/Content/Topics-VPNSG/Link-Selection.htm?tocpath=Link%20Selection%7C_____0#Link_Selection" target="_blank">https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_SitetoSiteVPN_AdminGuide/Content/Topics-VPNSG/Link-Selection.htm?tocpath=Link%20Selection%7C_____0#Link_Selection</A></P> <P>A routing configuration would assume that the public IPs were available on the interface the traffic is routed out.<BR />Since everything on your gateways is private IPs, this will most definitely not work since the gateway won’t know what the public IP is on that interface.</P> Wed, 30 Nov 2022 02:36:22 GMT https://community.checkpoint.com/t5/General-Topics/How-to-configure-VPN-IPSEC-Site-to-Site-with-multiple-Virtual/m-p/163647#M27350 PhoneBoy 2022-11-30T02:36:22Z