Announce networks behind remote peer VPN to Virtual Network Gateway. Azure
Hello Everybody
I have the following request,
We have an environment on Azure (R80.20 Cluster) and access to On-premises networks through ExpressRoute. We're configuring a tunnel VPN using VTIs with 3rd Party (Cisco). So, I would like to know if it is possible to announce the networks behind remote peer VPN, for example (10.236.150.128/27) on my virtual network gateway in order to announce it on the BGP to on-premises networks.
Thank you so much for your attention and comments
Best regards
Everest
Accepted Solutions
Hi Everest,
I am not sure if this is working and I cannot test it in my Azure environment as I do not have an ER running, but maybe it's worth trying:
You could add the remote peer network as additional Address space on the VNET, where your Checkpoint GW is deployed:
This should cause BGP to propagate that network to OnPrem.
In addition you may have to modify your UDRs, so that the remote peer network is actually routed to the Checkpoint GW (you should already have such UDRs I guess)
Matthias
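The two steps suggested above, written out as Azure CLI calls (an added example, not part of the original post). The resource group, VNet, route table and next-hop IP are placeholders, the prefix is the example one from the question, and the script only prints the commands unless `APPLY=1` is set.

```shell
#!/bin/sh
# Added example, not from the thread. Dry run by default: prints the az
# commands; set APPLY=1 to execute them. All resource names are placeholders.
RG="${RG:-rg-example}"              # hypothetical resource group
VNET="${VNET:-vnet-example}"        # hypothetical VNet of the Check Point gateway
RT="${RT:-rt-example}"              # hypothetical route table holding the UDRs
GW_IP="${GW_IP:-10.236.1.4}"        # constructed next-hop IP of the gateway
PEER_NET="${PEER_NET:-10.236.150.128/27}"  # example prefix from the question

run() {
  if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

# --address-prefixes replaces the whole list, so the existing prefixes
# ($1, space separated) must be passed again together with the new one.
vnet_update() {
  for vu_p in $1; do
    if [ "$vu_p" = "$PEER_NET" ]; then echo "already present"; return 0; fi
  done
  # $1 is left unquoted on purpose so each prefix becomes its own argument.
  run az network vnet update -g "$RG" -n "$VNET" --address-prefixes $1 "$PEER_NET"
}

# UDR sending the remote peer network to the gateway.
udr_create() {
  run az network route-table route create -g "$RG" --route-table-name "$RT" \
    -n to-remote-peer --address-prefix "$PEER_NET" \
    --next-hop-type VirtualAppliance --next-hop-ip-address "$GW_IP"
}

main() {
  if [ "${APPLY:-0}" = 1 ]; then
    existing=$(az network vnet show -g "$RG" -n "$VNET" \
      --query "addressSpace.addressPrefixes" -o tsv | tr '\n' ' ')
  else
    existing="10.236.1.0/24"        # constructed value for the dry run
  fi
  vnet_update "$existing"
  udr_create
}
main
```

Review the printed commands against the current address space before applying, since a prefix left out of `--address-prefixes` is removed from the VNet.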
Are you aiming to have an IPSEC tunnel across Express Route?
Or are you trying to stand up a tunnel across the internet to your CloudGuard gateways for backup?
Or are you trying to stand up tunnels to your CloudGuard gateways from external internet peers and you need internal resources to go across ER to your CloudGuard gateway and then out to the internet?
Hello Tommy
Thanks for your contact
Basically, we're configuring a Site to Site VPN with a Customer.
Site to Site VPN based VTIs
Peer Remote (Customer) ------------INTERNET --------------- Peer CheckPoint on AZURE
Environment Azure
Peer CheckPoint on AZURE --------------ER-------------- ON-Premises
Network Remote Peer: 10.236.150.128/29
Network Peer CheckPoint on Azure: 10.236.1.0/24
Network ON Premises: 10.0.0.0/8
The flow of Traffic: Bidirectional between 10.236.150.128/29 (remote peer network) and 10.0.0.0/8 (OnPremises network)
Yes, This traffic has to go across the Express Route, We need to announce these VPNs networks so that Virtual Gateway.
Thank you so much
Everest