topic Re: Site2Site VPN - Quantum Spark 2560. Peer ID and policy options in Spark Firewall (SMB)

Site2Site VPN - Quantum Spark 2560. Peer ID and policy options

JaySon_2021 — Fri, 12 Dec 2025 19:56:02 GMT

I am configuring a site2site VPN from our 2560 to a remote Checkpoint firewall. On our side of the config, for IKEv2 it wants us to input the Peer ID. Is that the IP of the remote side VPN?

Also, I am used to using Smartconsole (these are locally managed), and when creating rules for a VPN, we add the 'Community' to the rule. In the Spark I do not see where I specify the community. Is that just taken care of by virtue of the fact that I identified the local/remote networks used in the Encryption Domains?

Re: Site2Site VPN - Quantum Spark 2560. Peer ID and policy options

PhoneBoy — Fri, 12 Dec 2025 23:10:33 GMT

I believe the Peer ID is the IP, yes.
The concept of a VPN community is not relevant for locally managed SMB devices.
The local/remote encryption domains should be configured correctly.

Re: Site2Site VPN - Quantum Spark 2560. Peer ID and policy options

the_rock — Sat, 13 Dec 2025 03:18:20 GMT

I also think that would be the case with peer ID. I could be mistaken, but I recall setting the IP as peer ID few times before, recently with harmony sase.

Re: Site2Site VPN - Quantum Spark 2560. Peer ID and policy options

Tom_Hinoue — Mon, 15 Dec 2025 02:14:42 GMT

Some additional factors.

I believe the default is to use [Key ID] for locally managed Spark.
This can be confirmed/configured from the WEB UI -> [Device] -> [Advanced Settings] -> [VPN Site to Site global settings - IKEv2 key type].

The available options are:

(1) Key ID (Default)
(2) IP address
(3) FQDN

Make sure the key type matches what is configured with the peer vpn site configuration.

Re: Site2Site VPN - Quantum Spark 2560. Peer ID and policy options

Pedro_Espindola — Fri, 02 Jan 2026 23:27:48 GMT

Just to add to this discussion:

The purpose of a VPN community is to manage multiple tunnels in a single object, useful when you have a central office and multiple branches connected to it with identical tunnel config.

You can create VPN communities for locally managed Spark gateways that are connected to Spark Management in Infinity Portal. All Spark gateways are entitled to it. However, this is only for tunnels between your own Spark gateways managed by the same Spark Management. For externally managed peers you have to create the tunnel directly in the WebUI of the Spark itself.